2
* OpenVPN -- An application to securely tunnel IP networks
3
* over a single TCP/UDP port, with support for SSL/TLS-based
4
* session authentication and key exchange,
5
* packet encryption, packet authentication, and
8
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
10
* This program is free software; you can redistribute it and/or modify
11
* it under the terms of the GNU General Public License version 2
12
* as published by the Free Software Foundation.
14
* This program is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU General Public License for more details.
19
* You should have received a copy of the GNU General Public License
20
* along with this program (see the file COPYING included with this
21
* distribution); if not, write to the Free Software Foundation, Inc.,
22
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26
* Support routines for configuring and accessing TUN/TAP
27
* virtual network adapters.
29
* This file is based on the TUN/TAP driver interface routines
30
* from VTun by Maxim Krasnyansky <max_mk@yahoo.com>.
48
/* #define SIMULATE_DHCP_FAILED */ /* simulate bad DHCP negotiation */
50
#define NI_TEST_FIRST (1<<0)
51
#define NI_IP_NETMASK (1<<1)
52
#define NI_OPTIONS (1<<2)
54
static void netsh_ifconfig (const struct tuntap_options *to,
55
const char *flex_name,
57
const in_addr_t netmask,
58
const unsigned int flags);
59
static void netsh_command (const struct argv *a, int n);
61
static const char *netsh_get_id (const char *dev_node, struct gc_arena *gc);
66
static void solaris_error_close (struct tuntap *tt, const struct env_set *es, const char *actual, bool unplumb_inet6);
71
is_dev_type (const char *dev, const char *dev_type, const char *match_type)
77
return !strcmp (dev_type, match_type);
79
return !strncmp (dev, match_type, strlen (match_type));
83
dev_type_enum (const char *dev, const char *dev_type)
85
if (is_dev_type (dev, dev_type, "tun"))
87
else if (is_dev_type (dev, dev_type, "tap"))
89
else if (is_dev_type (dev, dev_type, "null"))
92
return DEV_TYPE_UNDEF;
96
dev_type_string (const char *dev, const char *dev_type)
98
switch (dev_type_enum (dev, dev_type))
107
return "[unknown-dev-type]";
112
* Try to predict the actual TUN/TAP device instance name,
113
* before the device is actually opened.
116
guess_tuntap_dev (const char *dev,
117
const char *dev_type,
118
const char *dev_node,
122
const int dt = dev_type_enum (dev, dev_type);
123
if (dt == DEV_TYPE_TUN || dt == DEV_TYPE_TAP)
125
return netsh_get_id (dev_node, gc);
134
/* --ifconfig-nowarn disables some options sanity checking */
135
static const char ifconfig_warn_how_to_silence[] = "(silence this warning with --ifconfig-nowarn)";
138
* If !tun, make sure ifconfig_remote_netmask looks
141
* If tun, make sure ifconfig_remote_netmask looks
142
* like an IPv4 address.
145
ifconfig_sanity_check (bool tun, in_addr_t addr, int topology)
147
struct gc_arena gc = gc_new ();
148
const bool looks_like_netmask = ((addr & 0xFF000000) == 0xFF000000);
151
if (looks_like_netmask && (topology == TOP_NET30 || topology == TOP_P2P))
152
msg (M_WARN, "WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (%s) that looks more like a netmask. %s",
153
print_in_addr_t (addr, 0, &gc),
154
ifconfig_warn_how_to_silence);
158
if (!looks_like_netmask)
159
msg (M_WARN, "WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. %s",
160
ifconfig_warn_how_to_silence);
166
* For TAP-style devices, generate a broadcast address.
169
generate_ifconfig_broadcast_addr (in_addr_t local,
172
return local | ~netmask;
176
* Check that --local and --remote addresses do not
177
* clash with ifconfig addresses or subnet.
180
check_addr_clash (const char *name,
184
in_addr_t remote_netmask)
186
struct gc_arena gc = gc_new ();
188
msg (M_INFO, "CHECK_ADDR_CLASH type=%d public=%s local=%s, remote_netmask=%s",
190
print_in_addr_t (public, 0, &gc),
191
print_in_addr_t (local, 0, &gc),
192
print_in_addr_t (remote_netmask, 0, &gc));
197
if (type == DEV_TYPE_TUN)
199
const in_addr_t test_netmask = 0xFFFFFF00;
200
const in_addr_t public_net = public & test_netmask;
201
const in_addr_t local_net = local & test_netmask;
202
const in_addr_t remote_net = remote_netmask & test_netmask;
204
if (public == local || public == remote_netmask)
206
"WARNING: --%s address [%s] conflicts with --ifconfig address pair [%s, %s]. %s",
208
print_in_addr_t (public, 0, &gc),
209
print_in_addr_t (local, 0, &gc),
210
print_in_addr_t (remote_netmask, 0, &gc),
211
ifconfig_warn_how_to_silence);
213
if (public_net == local_net || public_net == remote_net)
215
"WARNING: potential conflict between --%s address [%s] and --ifconfig address pair [%s, %s] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. %s",
217
print_in_addr_t (public, 0, &gc),
218
print_in_addr_t (local, 0, &gc),
219
print_in_addr_t (remote_netmask, 0, &gc),
220
ifconfig_warn_how_to_silence);
222
else if (type == DEV_TYPE_TAP)
224
const in_addr_t public_network = public & remote_netmask;
225
const in_addr_t virtual_network = local & remote_netmask;
226
if (public_network == virtual_network)
228
"WARNING: --%s address [%s] conflicts with --ifconfig subnet [%s, %s] -- local and remote addresses cannot be inside of the --ifconfig subnet. %s",
230
print_in_addr_t (public, 0, &gc),
231
print_in_addr_t (local, 0, &gc),
232
print_in_addr_t (remote_netmask, 0, &gc),
233
ifconfig_warn_how_to_silence);
240
* Issue a warning if ip/netmask (on the virtual IP network) conflicts with
241
* the settings on the local LAN. This is designed to flag issues where
242
* (for example) the OpenVPN server LAN is running on 192.168.1.x, but then
243
* an OpenVPN client tries to connect from a public location that is also running
244
* off of a router set to 192.168.1.x.
247
check_subnet_conflict (const in_addr_t ip,
248
const in_addr_t netmask,
251
struct gc_arena gc = gc_new ();
252
in_addr_t lan_gw = 0;
253
in_addr_t lan_netmask = 0;
255
if (get_default_gateway (&lan_gw, &lan_netmask))
257
const in_addr_t lan_network = lan_gw & lan_netmask;
258
const in_addr_t network = ip & netmask;
260
/* do the two subnets defined by network/netmask and lan_network/lan_netmask intersect? */
261
if ((network & lan_netmask) == lan_network
262
|| (lan_network & netmask) == network)
264
msg (M_WARN, "WARNING: potential %s subnet conflict between local LAN [%s/%s] and remote VPN [%s/%s]",
266
print_in_addr_t (lan_network, 0, &gc),
267
print_in_addr_t (lan_netmask, 0, &gc),
268
print_in_addr_t (network, 0, &gc),
269
print_in_addr_t (netmask, 0, &gc));
276
warn_on_use_of_common_subnets (void)
278
struct gc_arena gc = gc_new ();
279
in_addr_t lan_gw = 0;
280
in_addr_t lan_netmask = 0;
282
if (get_default_gateway (&lan_gw, &lan_netmask))
284
const in_addr_t lan_network = lan_gw & lan_netmask;
285
if (lan_network == 0xC0A80000 || lan_network == 0xC0A80100)
286
msg (M_WARN, "NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.");
292
* Complain if --dev tap and --ifconfig is used on an OS for which
293
* we don't have a custom tap ifconfig template below.
298
msg (M_FATAL, "Sorry but you cannot use --dev tap and --ifconfig together on this OS because I have not yet been programmed to understand the appropriate ifconfig syntax to use for TAP-style devices on this OS. Your best alternative is to use an --up script and do the ifconfig command manually.");
302
* Return a string to be used for options compatibility check
306
ifconfig_options_string (const struct tuntap* tt, bool remote, bool disable, struct gc_arena *gc)
308
struct buffer out = alloc_buf_gc (256, gc);
309
if (tt->did_ifconfig_setup && !disable)
311
if (tt->type == DEV_TYPE_TAP || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET))
313
buf_printf (&out, "%s %s",
314
print_in_addr_t (tt->local & tt->remote_netmask, 0, gc),
315
print_in_addr_t (tt->remote_netmask, 0, gc));
317
else if (tt->type == DEV_TYPE_TUN)
322
r = print_in_addr_t (tt->local, 0, gc);
323
l = print_in_addr_t (tt->remote_netmask, 0, gc);
327
l = print_in_addr_t (tt->local, 0, gc);
328
r = print_in_addr_t (tt->remote_netmask, 0, gc);
330
buf_printf (&out, "%s %s", r, l);
333
buf_printf (&out, "[undef]");
339
* Return a status string describing wait state.
342
tun_stat (const struct tuntap *tt, unsigned int rwflags, struct gc_arena *gc)
344
struct buffer out = alloc_buf_gc (64, gc);
347
if (rwflags & EVENT_READ)
349
buf_printf (&out, "T%s",
350
(tt->rwflags_debug & EVENT_READ) ? "R" : "r");
352
buf_printf (&out, "%s",
353
overlapped_io_state_ascii (&tt->reads));
356
if (rwflags & EVENT_WRITE)
358
buf_printf (&out, "T%s",
359
(tt->rwflags_debug & EVENT_WRITE) ? "W" : "w");
361
buf_printf (&out, "%s",
362
overlapped_io_state_ascii (&tt->writes));
368
buf_printf (&out, "T?");
374
* Return true for point-to-point topology, false for subnet topology
377
is_tun_p2p (const struct tuntap *tt)
381
if (tt->type == DEV_TYPE_TAP || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET))
383
else if (tt->type == DEV_TYPE_TUN)
386
msg (M_FATAL, "Error: problem with tun vs. tap setting"); /* JYFIXME -- needs to be caught earlier, in init_tun? */
392
* Init tun/tap object.
394
* Set up tuntap structure for ifconfig,
395
* but don't execute yet.
398
init_tun (const char *dev, /* --dev option */
399
const char *dev_type, /* --dev-type option */
400
int topology, /* one of the TOP_x values */
401
const char *ifconfig_local_parm, /* --ifconfig parm 1 */
402
const char *ifconfig_remote_netmask_parm, /* --ifconfig parm 2 */
403
const char *ifconfig_ipv6_local_parm, /* --ifconfig parm 1 IPv6 */
404
const char *ifconfig_ipv6_remote_parm, /* --ifconfig parm 2 IPv6 */
405
in_addr_t local_public,
406
in_addr_t remote_public,
407
const bool strict_warn,
410
struct gc_arena gc = gc_new ();
413
ALLOC_OBJ (tt, struct tuntap);
416
tt->type = dev_type_enum (dev, dev_type);
417
tt->topology = topology;
419
if (ifconfig_local_parm && ifconfig_remote_netmask_parm)
422
const char *ifconfig_local = NULL;
423
const char *ifconfig_remote_netmask = NULL;
424
const char *ifconfig_broadcast = NULL;
427
* We only handle TUN/TAP devices here, not --dev null devices.
429
tun = is_tun_p2p (tt);
432
* Convert arguments to binary IPv4 addresses.
435
tt->local = getaddr (
438
| GETADDR_FATAL_ON_SIGNAL
445
tt->remote_netmask = getaddr (
446
(tun ? GETADDR_RESOLVE : 0)
448
| GETADDR_FATAL_ON_SIGNAL
450
ifconfig_remote_netmask_parm,
456
* Look for common errors in --ifconfig parms
460
ifconfig_sanity_check (tt->type == DEV_TYPE_TUN, tt->remote_netmask, tt->topology);
463
* If local_public or remote_public addresses are defined,
464
* make sure they do not clash with our virtual subnet.
467
check_addr_clash ("local",
473
check_addr_clash ("remote",
479
if (tt->type == DEV_TYPE_TAP || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET))
480
check_subnet_conflict (tt->local, tt->remote_netmask, "TUN/TAP adapter");
481
else if (tt->type == DEV_TYPE_TUN)
482
check_subnet_conflict (tt->local, ~0, "TUN/TAP adapter");
486
* Set ifconfig parameters
488
ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
489
ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
492
* If TAP-style interface, generate broadcast address.
496
tt->broadcast = generate_ifconfig_broadcast_addr (tt->local, tt->remote_netmask);
497
ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
501
* Set environmental variables with ifconfig parameters.
505
setenv_str (es, "ifconfig_local", ifconfig_local);
508
setenv_str (es, "ifconfig_remote", ifconfig_remote_netmask);
512
setenv_str (es, "ifconfig_netmask", ifconfig_remote_netmask);
513
setenv_str (es, "ifconfig_broadcast", ifconfig_broadcast);
517
tt->did_ifconfig_setup = true;
520
if (ifconfig_ipv6_local_parm && ifconfig_ipv6_remote_parm)
522
const char *ifconfig_ipv6_local = NULL;
523
const char *ifconfig_ipv6_remote = NULL;
526
* Convert arguments to binary IPv6 addresses.
529
if ( inet_pton( AF_INET6, ifconfig_ipv6_local_parm, &tt->local_ipv6 ) != 1 ||
530
inet_pton( AF_INET6, ifconfig_ipv6_remote_parm, &tt->remote_ipv6 ) != 1 )
532
msg( M_FATAL, "init_tun: problem converting IPv6 ifconfig addresses %s and %s to binary", ifconfig_ipv6_local_parm, ifconfig_ipv6_remote_parm );
534
tt->netbits_ipv6 = 64;
537
* Set ifconfig parameters
539
ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
540
ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
543
* Set environmental variables with ifconfig parameters.
547
setenv_str (es, "ifconfig_ipv6_local", ifconfig_ipv6_local);
548
setenv_str (es, "ifconfig_ipv6_remote", ifconfig_ipv6_remote);
550
tt->did_ifconfig_ipv6_setup = true;
558
* Platform specific tun initializations
561
init_tun_post (struct tuntap *tt,
562
const struct frame *frame,
563
const struct tuntap_options *options)
565
tt->options = *options;
567
overlapped_io_init (&tt->reads, frame, FALSE, true);
568
overlapped_io_init (&tt->writes, frame, TRUE, true);
569
tt->rw_handle.read = tt->reads.overlapped.hEvent;
570
tt->rw_handle.write = tt->writes.overlapped.hEvent;
571
tt->adapter_index = ~0;
575
#if defined(TARGET_WIN32) || \
576
defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD)
578
/* some of the platforms will auto-add a "network route" pointing
579
* to the interface on "ifconfig tunX 2001:db8::1/64", others need
580
* an extra call to "route add..."
581
* -> helper function to simplify code below
583
void add_route_connected_v6_net(struct tuntap * tt,
584
const struct env_set *es)
586
struct route_ipv6 r6;
589
r6.network = tt->local_ipv6;
590
r6.netbits = tt->netbits_ipv6;
591
r6.gateway = tt->local_ipv6;
592
add_route_ipv6 (&r6, tt, 0, es);
597
/* execute the ifconfig command through the shell */
599
do_ifconfig (struct tuntap *tt,
600
const char *actual, /* actual device name */
602
const struct env_set *es)
604
struct gc_arena gc = gc_new ();
606
if (tt->did_ifconfig_setup)
609
const char *ifconfig_local = NULL;
610
const char *ifconfig_remote_netmask = NULL;
611
const char *ifconfig_broadcast = NULL;
612
const char *ifconfig_ipv6_local = NULL;
613
const char *ifconfig_ipv6_remote = NULL;
614
bool do_ipv6 = false;
619
msg( M_INFO, "do_ifconfig, tt->ipv6=%d, tt->did_ifconfig_ipv6_setup=%d",
620
tt->ipv6, tt->did_ifconfig_ipv6_setup );
623
* We only handle TUN/TAP devices here, not --dev null devices.
625
tun = is_tun_p2p (tt);
628
* Set ifconfig parameters
630
ifconfig_local = print_in_addr_t (tt->local, 0, &gc);
631
ifconfig_remote_netmask = print_in_addr_t (tt->remote_netmask, 0, &gc);
633
if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
635
ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
636
ifconfig_ipv6_remote = print_in6_addr (tt->remote_ipv6, 0, &gc);
641
* If TAP-style device, generate broadcast address.
644
ifconfig_broadcast = print_in_addr_t (tt->broadcast, 0, &gc);
646
#ifdef ENABLE_MANAGEMENT
649
management_set_state (management,
650
OPENVPN_STATE_ASSIGN_IP,
658
#if defined(TARGET_LINUX)
659
#ifdef CONFIG_FEATURE_IPROUTE
661
* Set the MTU for the device
664
"%s link set dev %s up mtu %d",
669
argv_msg (M_INFO, &argv);
670
openvpn_execve_check (&argv, es, S_FATAL, "Linux ip link set failed");
675
* Set the address for the device
678
"%s addr add dev %s local %s peer %s",
682
ifconfig_remote_netmask
684
argv_msg (M_INFO, &argv);
685
openvpn_execve_check (&argv, es, S_FATAL, "Linux ip addr add failed");
688
"%s addr add dev %s %s/%d broadcast %s",
692
count_netmask_bits(ifconfig_remote_netmask),
695
argv_msg (M_INFO, &argv);
696
openvpn_execve_check (&argv, es, S_FATAL, "Linux ip addr add failed");
701
"%s -6 addr add %s/%d dev %s",
707
argv_msg (M_INFO, &argv);
708
openvpn_execve_check (&argv, es, S_FATAL, "Linux ip -6 addr add failed");
710
tt->did_ifconfig = true;
714
"%s %s %s pointopoint %s mtu %d",
718
ifconfig_remote_netmask,
723
"%s %s %s netmask %s mtu %d broadcast %s",
727
ifconfig_remote_netmask,
731
argv_msg (M_INFO, &argv);
732
openvpn_execve_check (&argv, es, S_FATAL, "Linux ifconfig failed");
736
"%s %s inet6 add %s/%d",
742
argv_msg (M_INFO, &argv);
743
openvpn_execve_check (&argv, es, S_FATAL, "Linux ifconfig inet6 failed");
745
tt->did_ifconfig = true;
747
#endif /*CONFIG_FEATURE_IPROUTE*/
748
#elif defined(TARGET_SOLARIS)
750
/* Solaris 2.6 (and 7?) cannot set all parameters in one go...
752
* ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 up
753
* ifconfig tun2 netmask 255.255.255.255
758
"%s %s %s %s mtu %d up",
762
ifconfig_remote_netmask,
766
argv_msg (M_INFO, &argv);
767
if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig phase-1 failed"))
768
solaris_error_close (tt, es, actual, false);
771
"%s %s netmask 255.255.255.255",
777
if (tt->topology == TOP_SUBNET)
780
"%s %s %s %s netmask %s mtu %d up",
785
ifconfig_remote_netmask,
791
" %s %s %s netmask %s broadcast + up",
795
ifconfig_remote_netmask
798
argv_msg (M_INFO, &argv);
799
if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig phase-2 failed"))
800
solaris_error_close (tt, es, actual, false);
804
argv_printf (&argv, "%s %s inet6 unplumb",
805
IFCONFIG_PATH, actual );
806
argv_msg (M_INFO, &argv);
807
openvpn_execve_check (&argv, es, 0, NULL);
809
if ( tt->type == DEV_TYPE_TUN )
812
"%s %s inet6 plumb %s/%d %s up",
822
/* base IPv6 tap interface needs to be brought up first
824
argv_printf (&argv, "%s %s inet6 plumb up",
825
IFCONFIG_PATH, actual );
826
argv_msg (M_INFO, &argv);
827
if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig IPv6 (prepare) failed"))
828
solaris_error_close (tt, es, actual, true);
830
/* we might need to do "ifconfig %s inet6 auto-dhcp drop"
831
* after the system has noticed the interface and fired up
832
* the DHCPv6 client - but this takes quite a while, and the
833
* server will ignore the DHCPv6 packets anyway. So we don't.
836
/* static IPv6 addresses need to go to a subinterface (tap0:1)
839
"%s %s inet6 addif %s/%d up",
840
IFCONFIG_PATH, actual,
841
ifconfig_ipv6_local, tt->netbits_ipv6 );
843
argv_msg (M_INFO, &argv);
844
if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig IPv6 failed"))
845
solaris_error_close (tt, es, actual, true);
848
if (!tun && tt->topology == TOP_SUBNET)
850
/* Add a network route for the local tun interface */
854
r.network = tt->local & tt->remote_netmask;
855
r.netmask = tt->remote_netmask;
856
r.gateway = tt->local;
857
r.metric_defined = true;
859
add_route (&r, tt, 0, es);
862
tt->did_ifconfig = true;
864
#elif defined(TARGET_OPENBSD)
867
* OpenBSD tun devices appear to be persistent by default. It seems in order
868
* to make this work correctly, we need to delete the previous instance
869
* (if it exists), and re-ifconfig. Let me know if you know a better way.
876
argv_msg (M_INFO, &argv);
877
openvpn_execve_check (&argv, es, 0, NULL);
882
argv_msg (M_INFO, &argv);
883
openvpn_execve_check (&argv, es, 0, NULL);
884
msg (M_INFO, "NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure");
886
/* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */
889
"%s %s %s %s mtu %d netmask 255.255.255.255 up",
893
ifconfig_remote_netmask,
898
"%s %s %s netmask %s mtu %d broadcast %s link0",
902
ifconfig_remote_netmask,
906
argv_msg (M_INFO, &argv);
907
openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed");
917
argv_msg (M_INFO, &argv);
918
openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig inet6 failed");
920
/* and, hooray, we explicitely need to add a route... */
921
add_route_connected_v6_net(tt, es);
923
tt->did_ifconfig = true;
925
#elif defined(TARGET_NETBSD)
927
/* whether or not NetBSD can do IPv6 can be seen by the availability of
928
* the TUNSIFHEAD ioctl() - see next TARGET_NETBSD block for more details
931
# define NETBSD_MULTI_AF
934
/* as on OpenBSD and Darwin, destroy and re-create tun<x> interface
936
argv_printf (&argv, "%s %s destroy", IFCONFIG_PATH, actual );
937
argv_msg (M_INFO, &argv);
938
openvpn_execve_check (&argv, es, 0, "NetBSD ifconfig destroy failed");
940
argv_printf (&argv, "%s %s create", IFCONFIG_PATH, actual );
941
argv_msg (M_INFO, &argv);
942
openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig create failed");
946
"%s %s %s %s mtu %d netmask 255.255.255.255 up",
950
ifconfig_remote_netmask,
955
* NetBSD has distinct tun and tap devices
956
* so we don't need the "link0" extra parameter to specify we want to do
957
* tunneling at the ethernet level
960
"%s %s %s netmask %s mtu %d broadcast %s",
964
ifconfig_remote_netmask,
968
argv_msg (M_INFO, &argv);
969
openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig failed");
973
#ifdef NETBSD_MULTI_AF
981
argv_msg (M_INFO, &argv);
982
openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig inet6 failed");
984
/* and, hooray, we explicitely need to add a route... */
985
add_route_connected_v6_net(tt, es);
987
msg( M_INFO, "no IPv6 support for tun interfaces on NetBSD before 4.0 (if your system is newer, recompile openvpn)" );
991
tt->did_ifconfig = true;
993
#elif defined(TARGET_DARWIN)
996
* Darwin (i.e. Mac OS X) seems to exhibit similar behaviour to OpenBSD...
1003
argv_msg (M_INFO, &argv);
1004
openvpn_execve_check (&argv, es, 0, NULL);
1005
msg (M_INFO, "NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure");
1008
/* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */
1011
"%s %s %s %s mtu %d netmask 255.255.255.255 up",
1015
ifconfig_remote_netmask,
1020
if (tt->topology == TOP_SUBNET)
1022
"%s %s %s %s netmask %s mtu %d up",
1027
ifconfig_remote_netmask,
1032
"%s %s %s netmask %s mtu %d up",
1036
ifconfig_remote_netmask,
1040
argv_msg (M_INFO, &argv);
1041
openvpn_execve_check (&argv, es, S_FATAL, "Mac OS X ifconfig failed");
1042
tt->did_ifconfig = true;
1044
/* Add a network route for the local tun interface */
1045
if (!tun && tt->topology == TOP_SUBNET)
1050
r.network = tt->local & tt->remote_netmask;
1051
r.netmask = tt->remote_netmask;
1052
r.gateway = tt->local;
1053
add_route (&r, tt, 0, es);
1059
"%s %s inet6 %s/%d",
1062
ifconfig_ipv6_local,
1065
argv_msg (M_INFO, &argv);
1066
openvpn_execve_check (&argv, es, S_FATAL, "MacOS X ifconfig inet6 failed");
1068
/* and, hooray, we explicitely need to add a route... */
1069
add_route_connected_v6_net(tt, es);
1072
#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
1074
/* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */
1077
"%s %s %s %s mtu %d netmask 255.255.255.255 up",
1081
ifconfig_remote_netmask,
1086
"%s %s %s netmask %s mtu %d up",
1090
ifconfig_remote_netmask,
1094
argv_msg (M_INFO, &argv);
1095
openvpn_execve_check (&argv, es, S_FATAL, "FreeBSD ifconfig failed");
1096
tt->did_ifconfig = true;
1098
/* Add a network route for the local tun interface */
1099
if (!tun && tt->topology == TOP_SUBNET)
1104
r.network = tt->local & tt->remote_netmask;
1105
r.netmask = tt->remote_netmask;
1106
r.gateway = tt->local;
1107
add_route (&r, tt, 0, es);
1113
"%s %s inet6 %s/%d",
1116
ifconfig_ipv6_local,
1119
argv_msg (M_INFO, &argv);
1120
openvpn_execve_check (&argv, es, S_FATAL, "FreeBSD ifconfig inet6 failed");
1123
#elif defined (WIN32)
1126
* Make sure that both ifconfig addresses are part of the
1131
verify_255_255_255_252 (tt->local, tt->remote_netmask);
1132
tt->adapter_netmask = ~3;
1136
tt->adapter_netmask = tt->remote_netmask;
1139
switch (tt->options.ip_win32_type)
1141
case IPW32_SET_MANUAL:
1142
msg (M_INFO, "******** NOTE: Please manually set the IP/netmask of '%s' to %s/%s (if it is not already set)",
1145
print_in_addr_t (tt->adapter_netmask, 0, &gc));
1147
case IPW32_SET_NETSH:
1148
if (!strcmp (actual, "NULL"))
1149
msg (M_FATAL, "Error: When using --ip-win32 netsh, if you have more than one TAP-Win32 adapter, you must also specify --dev-node");
1151
netsh_ifconfig (&tt->options,
1154
tt->adapter_netmask,
1155
NI_IP_NETMASK|NI_OPTIONS);
1159
tt->did_ifconfig = true;
1162
/* IPv6 always uses "netsh" interface */
1165
char * saved_actual;
1167
if (!strcmp (actual, "NULL"))
1168
msg (M_FATAL, "Error: When using --tun-ipv6, if you have more than one TAP-Win32 adapter, you must also specify --dev-node");
1170
/* example: netsh interface ipv6 add address MyTap 2001:608:8003::d */
1172
"%s%sc interface ipv6 add address %s %s",
1176
ifconfig_ipv6_local );
1178
netsh_command (&argv, 4);
1180
/* explicit route needed */
1181
/* on windows, OpenVPN does ifconfig first, open_tun later, so
1182
* tt->actual_name might not yet be initialized, but routing code
1183
* needs to know interface name - point to "actual", restore later
1185
saved_actual = tt->actual_name;
1186
tt->actual_name = (char*) actual;
1187
add_route_connected_v6_net(tt, es);
1188
tt->actual_name = saved_actual;
1191
msg (M_FATAL, "Sorry, but I don't know how to do 'ifconfig' commands on this operating system. You should ifconfig your TUN/TAP device manually or use an --up script.");
1199
clear_tuntap (struct tuntap *tuntap)
1203
tuntap->hand = NULL;
1207
#ifdef TARGET_SOLARIS
1210
tuntap->ipv6 = false;
1214
open_null (struct tuntap *tt)
1216
tt->actual_name = string_alloc ("null", NULL);
1221
open_tun_generic (const char *dev, const char *dev_type, const char *dev_node,
1222
bool ipv6_explicitly_supported, bool dynamic,
1226
char dynamic_name[256];
1227
bool dynamic_opened = false;
1230
if ( tt->ipv6 && ! ipv6_explicitly_supported )
1231
msg (M_WARN, "NOTE: explicit support for IPv6 tun devices is not provided for this OS");
1233
if (tt->type == DEV_TYPE_NULL)
1240
* --dev-node specified, so open an explicit device node
1244
openvpn_snprintf (tunname, sizeof (tunname), "%s", dev_node);
1249
* dynamic open is indicated by --dev specified without
1250
* explicit unit number. Try opening /dev/[dev]n
1251
* where n = [0, 255].
1253
if (dynamic && !has_digit((unsigned char *)dev))
1256
for (i = 0; i < 256; ++i)
1258
openvpn_snprintf (tunname, sizeof (tunname),
1259
"/dev/%s%d", dev, i);
1260
openvpn_snprintf (dynamic_name, sizeof (dynamic_name),
1262
if ((tt->fd = open (tunname, O_RDWR)) > 0)
1264
dynamic_opened = true;
1267
msg (D_READ_WRITE | M_ERRNO, "Tried opening %s (failed)", tunname);
1269
if (!dynamic_opened)
1270
msg (M_FATAL, "Cannot allocate TUN/TAP dev dynamically");
1273
* explicit unit number specified
1277
openvpn_snprintf (tunname, sizeof (tunname), "/dev/%s", dev);
1281
if (!dynamic_opened)
1283
if ((tt->fd = open (tunname, O_RDWR)) < 0)
1284
msg (M_ERR, "Cannot open TUN/TAP dev %s", tunname);
1287
set_nonblock (tt->fd);
1288
set_cloexec (tt->fd); /* don't pass fd to scripts */
1289
msg (M_INFO, "TUN/TAP device %s opened", tunname);
1291
/* tt->actual_name is passed to up and down scripts and used as the ifconfig dev name */
1292
tt->actual_name = string_alloc (dynamic_opened ? dynamic_name : dev, NULL);
1297
close_tun_generic (struct tuntap *tt)
1301
if (tt->actual_name)
1302
free (tt->actual_name);
1308
#if defined(TARGET_LINUX)
1310
#ifdef HAVE_LINUX_IF_TUN_H /* New driver support */
1312
#ifndef HAVE_LINUX_SOCKIOS_H
1313
#error header file linux/sockios.h required
1316
#if defined(HAVE_TUN_PI) && defined(HAVE_IPHDR) && defined(HAVE_IOVEC) && defined(ETH_P_IPV6) && defined(ETH_P_IP) && defined(HAVE_READV) && defined(HAVE_WRITEV)
1317
#define LINUX_IPV6 1
1318
/* #warning IPv6 ON */
1320
#define LINUX_IPV6 0
1321
/* #warning IPv6 OFF */
1327
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
1331
/* warn if a very old linux version is used & --tun-ipv6 set
1335
msg (M_WARN, "NOTE: explicit support for IPv6 tun devices is not provided for this OS");
1339
* We handle --dev null specially, we do not open /dev/null for this.
1341
if (tt->type == DEV_TYPE_NULL)
1348
* Process --dev-node
1350
const char *node = dev_node;
1352
node = "/dev/net/tun";
1355
* Open the interface
1357
if ((tt->fd = open (node, O_RDWR)) < 0)
1359
msg (M_WARN | M_ERRNO, "Note: Cannot open TUN/TAP dev %s", node);
1364
* Process --tun-ipv6
1368
ifr.ifr_flags = IFF_NO_PI;
1370
#if defined(IFF_ONE_QUEUE) && defined(SIOCSIFTXQLEN)
1371
ifr.ifr_flags |= IFF_ONE_QUEUE;
1375
* Figure out if tun or tap device
1377
if (tt->type == DEV_TYPE_TUN)
1379
ifr.ifr_flags |= IFF_TUN;
1381
else if (tt->type == DEV_TYPE_TAP)
1383
ifr.ifr_flags |= IFF_TAP;
1387
msg (M_FATAL, "I don't recognize device %s as a tun or tap device",
1392
* Set an explicit name, if --dev is not tun or tap
1394
if (strcmp(dev, "tun") && strcmp(dev, "tap"))
1395
strncpynt (ifr.ifr_name, dev, IFNAMSIZ);
1398
* Use special ioctl that configures tun/tap device with the parms
1401
if (ioctl (tt->fd, TUNSETIFF, (void *) &ifr) < 0)
1403
msg (M_WARN | M_ERRNO, "Note: Cannot ioctl TUNSETIFF %s", dev);
1407
msg (M_INFO, "TUN/TAP device %s opened", ifr.ifr_name);
1410
* Try making the TX send queue bigger
1412
#if defined(IFF_ONE_QUEUE) && defined(SIOCSIFTXQLEN)
1413
if (tt->options.txqueuelen) {
1414
struct ifreq netifr;
1417
if ((ctl_fd = socket (AF_INET, SOCK_DGRAM, 0)) >= 0)
1420
strncpynt (netifr.ifr_name, ifr.ifr_name, IFNAMSIZ);
1421
netifr.ifr_qlen = tt->options.txqueuelen;
1422
if (ioctl (ctl_fd, SIOCSIFTXQLEN, (void *) &netifr) >= 0)
1423
msg (D_OSBUF, "TUN/TAP TX queue length set to %d", tt->options.txqueuelen);
1425
msg (M_WARN | M_ERRNO, "Note: Cannot set tx queue length on %s", ifr.ifr_name);
1430
msg (M_WARN | M_ERRNO, "Note: Cannot open control socket on %s", ifr.ifr_name);
1435
set_nonblock (tt->fd);
1436
set_cloexec (tt->fd);
1437
tt->actual_name = string_alloc (ifr.ifr_name, NULL);
1445
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
1455
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
1457
open_tun_generic (dev, dev_type, dev_node, false, true, tt);
1460
#endif /* HAVE_LINUX_IF_TUN_H */
1462
#ifdef TUNSETPERSIST
1465
* This can be removed in future
1466
* when all systems will use newer
1470
#define TUNSETOWNER _IOW('T', 204, int)
1473
#define TUNSETGROUP _IOW('T', 206, int)
1477
tuncfg (const char *dev, const char *dev_type, const char *dev_node, int persist_mode, const char *username, const char *groupname, const struct tuntap_options *options)
1481
ALLOC_OBJ (tt, struct tuntap);
1483
tt->type = dev_type_enum (dev, dev_type);
1484
tt->options = *options;
1485
open_tun (dev, dev_type, dev_node, tt);
1486
if (ioctl (tt->fd, TUNSETPERSIST, persist_mode) < 0)
1487
msg (M_ERR, "Cannot ioctl TUNSETPERSIST(%d) %s", persist_mode, dev);
1488
if (username != NULL)
1490
struct user_state user_state;
1492
if (!get_user (username, &user_state))
1493
msg (M_ERR, "Cannot get user entry for %s", username);
1495
if (ioctl (tt->fd, TUNSETOWNER, user_state.pw->pw_uid) < 0)
1496
msg (M_ERR, "Cannot ioctl TUNSETOWNER(%s) %s", username, dev);
1498
if (groupname != NULL)
1500
struct group_state group_state;
1502
if (!get_group (groupname, &group_state))
1503
msg (M_ERR, "Cannot get group entry for %s", groupname);
1505
if (ioctl (tt->fd, TUNSETGROUP, group_state.gr->gr_gid) < 0)
1506
msg (M_ERR, "Cannot ioctl TUNSETOWNER(%s) %s", groupname, dev);
1509
msg (M_INFO, "Persist state set to: %s", (persist_mode ? "ON" : "OFF"));
1512
#endif /* TUNSETPERSIST */
1515
close_tun (struct tuntap *tt)
1519
if (tt->type != DEV_TYPE_NULL && tt->did_ifconfig)
1522
struct gc_arena gc = gc_new ();
1525
#ifdef CONFIG_FEATURE_IPROUTE
1526
if (is_tun_p2p (tt))
1529
"%s addr del dev %s local %s peer %s",
1532
print_in_addr_t (tt->local, 0, &gc),
1533
print_in_addr_t (tt->remote_netmask, 0, &gc)
1539
"%s addr del dev %s %s/%d",
1542
print_in_addr_t (tt->local, 0, &gc),
1543
count_netmask_bits(print_in_addr_t (tt->remote_netmask, 0, &gc))
1554
argv_msg (M_INFO, &argv);
1555
openvpn_execve_check (&argv, NULL, 0, "Linux ip addr del failed");
1560
close_tun_generic (tt);
1566
write_tun (struct tuntap* tt, uint8_t *buf, int len)
1573
struct iovec vect[2];
1576
iph = (struct iphdr *)buf;
1580
if(iph->version == 6)
1581
pi.proto = htons(ETH_P_IPV6);
1583
pi.proto = htons(ETH_P_IP);
1585
vect[0].iov_len = sizeof(pi);
1586
vect[0].iov_base = π
1587
vect[1].iov_len = len;
1588
vect[1].iov_base = buf;
1590
ret = writev(tt->fd, vect, 2);
1591
return(ret - sizeof(pi));
1595
return write (tt->fd, buf, len);
1599
read_tun (struct tuntap* tt, uint8_t *buf, int len)
1604
struct iovec vect[2];
1608
vect[0].iov_len = sizeof(pi);
1609
vect[0].iov_base = π
1610
vect[1].iov_len = len;
1611
vect[1].iov_base = buf;
1613
ret = readv(tt->fd, vect, 2);
1614
return(ret - sizeof(pi));
1618
return read (tt->fd, buf, len);
1621
#elif defined(TARGET_SOLARIS)
1624
#error I need the symbol TUNNEWPPA from net/if_tun.h
1628
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
1630
int if_fd, ip_muxid, arp_muxid, arp_fd, ppa = -1;
1633
const char *ip_node, *arp_node;
1634
const char *dev_tuntap_type;
1637
struct strioctl strioc_if, strioc_ppa;
1639
/* improved generic TUN/TAP driver from
1640
* http://www.whiteboard.ne.jp/~admin2/tuntap/
1643
memset(&ifr, 0x0, sizeof(ifr));
1645
if (tt->type == DEV_TYPE_NULL)
1651
if (tt->type == DEV_TYPE_TUN)
1653
ip_node = "/dev/udp";
1655
dev_node = "/dev/tun";
1656
dev_tuntap_type = "tun";
1657
link_type = I_PLINK;
1660
else if (tt->type == DEV_TYPE_TAP)
1662
ip_node = "/dev/udp";
1664
dev_node = "/dev/tap";
1665
arp_node = dev_node;
1666
dev_tuntap_type = "tap";
1667
link_type = I_PLINK; /* was: I_LINK */
1672
msg (M_FATAL, "I don't recognize device %s as a tun or tap device",
1676
/* get unit number */
1680
while (*ptr && !isdigit ((int) *ptr))
1685
if ((tt->ip_fd = open (ip_node, O_RDWR, 0)) < 0)
1686
msg (M_ERR, "Can't open %s", ip_node);
1688
if ((tt->fd = open (dev_node, O_RDWR, 0)) < 0)
1689
msg (M_ERR, "Can't open %s", dev_node);
1691
/* Assign a new PPA and get its unit number. */
1692
strioc_ppa.ic_cmd = TUNNEWPPA;
1693
strioc_ppa.ic_timout = 0;
1694
strioc_ppa.ic_len = sizeof(ppa);
1695
strioc_ppa.ic_dp = (char *)&ppa;
1696
if ((ppa = ioctl (tt->fd, I_STR, &strioc_ppa)) < 0)
1697
msg (M_ERR, "Can't assign new interface");
1699
if ((if_fd = open (dev_node, O_RDWR, 0)) < 0)
1700
msg (M_ERR, "Can't open %s (2)", dev_node);
1702
if (ioctl (if_fd, I_PUSH, "ip") < 0)
1703
msg (M_ERR, "Can't push IP module");
1705
if (tt->type == DEV_TYPE_TUN)
1707
/* Assign ppa according to the unit number returned by tun device */
1708
if (ioctl (if_fd, IF_UNITSEL, (char *) &ppa) < 0)
1709
msg (M_ERR, "Can't set PPA %d", ppa);
1712
tt->actual_name = (char *) malloc (32);
1713
check_malloc_return (tt->actual_name);
1715
openvpn_snprintf (tt->actual_name, 32, "%s%d", dev_tuntap_type, ppa);
1717
if (tt->type == DEV_TYPE_TAP)
1719
if (ioctl(if_fd, SIOCGLIFFLAGS, &ifr) < 0)
1720
msg (M_ERR, "Can't get flags\n");
1721
strncpynt (ifr.lifr_name, tt->actual_name, sizeof (ifr.lifr_name));
1723
/* Assign ppa according to the unit number returned by tun device */
1724
if (ioctl (if_fd, SIOCSLIFNAME, &ifr) < 0)
1725
msg (M_ERR, "Can't set PPA %d", ppa);
1726
if (ioctl(if_fd, SIOCGLIFFLAGS, &ifr) <0)
1727
msg (M_ERR, "Can't get flags\n");
1728
/* Push arp module to if_fd */
1729
if (ioctl (if_fd, I_PUSH, "arp") < 0)
1730
msg (M_ERR, "Can't push ARP module");
1732
/* Pop any modules on the stream */
1735
if (ioctl (tt->ip_fd, I_POP, NULL) < 0)
1738
/* Push arp module to ip_fd */
1739
if (ioctl (tt->ip_fd, I_PUSH, "arp") < 0)
1740
msg (M_ERR, "Can't push ARP module\n");
1743
if ((arp_fd = open (arp_node, O_RDWR, 0)) < 0)
1744
msg (M_ERR, "Can't open %s\n", arp_node);
1745
/* Push arp module to arp_fd */
1746
if (ioctl (arp_fd, I_PUSH, "arp") < 0)
1747
msg (M_ERR, "Can't push ARP module\n");
1749
/* Set ifname to arp */
1750
strioc_if.ic_cmd = SIOCSLIFNAME;
1751
strioc_if.ic_timout = 0;
1752
strioc_if.ic_len = sizeof(ifr);
1753
strioc_if.ic_dp = (char *)𝔦
1754
if (ioctl(arp_fd, I_STR, &strioc_if) < 0){
1755
msg (M_ERR, "Can't set ifname to arp\n");
1759
if ((ip_muxid = ioctl (tt->ip_fd, link_type, if_fd)) < 0)
1760
msg (M_ERR, "Can't link %s device to IP", dev_tuntap_type);
1762
if (tt->type == DEV_TYPE_TAP) {
1763
if ((arp_muxid = ioctl (tt->ip_fd, link_type, arp_fd)) < 0)
1764
msg (M_ERR, "Can't link %s device to ARP", dev_tuntap_type);
1769
strncpynt (ifr.lifr_name, tt->actual_name, sizeof (ifr.lifr_name));
1770
ifr.lifr_ip_muxid = ip_muxid;
1771
if (tt->type == DEV_TYPE_TAP) {
1772
ifr.lifr_arp_muxid = arp_muxid;
1775
if (ioctl (tt->ip_fd, SIOCSLIFMUXID, &ifr) < 0)
1777
if (tt->type == DEV_TYPE_TAP)
1779
ioctl (tt->ip_fd, I_PUNLINK , arp_muxid);
1781
ioctl (tt->ip_fd, I_PUNLINK, ip_muxid);
1782
msg (M_ERR, "Can't set multiplexor id");
1785
set_nonblock (tt->fd);
1786
set_cloexec (tt->fd);
1787
set_cloexec (tt->ip_fd);
1789
msg (M_INFO, "TUN/TAP device %s opened", tt->actual_name);
1793
solaris_close_tun (struct tuntap *tt)
1797
/* IPv6 interfaces need to be 'manually' de-configured */
1798
if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
1802
argv_printf( &argv, "%s %s inet6 unplumb",
1803
IFCONFIG_PATH, tt->actual_name );
1804
argv_msg (M_INFO, &argv);
1805
openvpn_execve_check (&argv, NULL, 0, "Solaris ifconfig inet6 unplumb failed");
1813
strncpynt (ifr.lifr_name, tt->actual_name, sizeof (ifr.lifr_name));
1815
if (ioctl (tt->ip_fd, SIOCGLIFFLAGS, &ifr) < 0)
1816
msg (M_WARN | M_ERRNO, "Can't get iface flags");
1818
if (ioctl (tt->ip_fd, SIOCGLIFMUXID, &ifr) < 0)
1819
msg (M_WARN | M_ERRNO, "Can't get multiplexor id");
1821
if (tt->type == DEV_TYPE_TAP)
1823
if (ioctl (tt->ip_fd, I_PUNLINK, ifr.lifr_arp_muxid) < 0)
1824
msg (M_WARN | M_ERRNO, "Can't unlink interface(arp)");
1827
if (ioctl (tt->ip_fd, I_PUNLINK, ifr.lifr_ip_muxid) < 0)
1828
msg (M_WARN | M_ERRNO, "Can't unlink interface(ip)");
1846
close_tun (struct tuntap *tt)
1850
solaris_close_tun (tt);
1852
if (tt->actual_name)
1853
free (tt->actual_name);
1861
solaris_error_close (struct tuntap *tt, const struct env_set *es,
1862
const char *actual, bool unplumb_inet6 )
1869
argv_printf( &argv, "%s %s inet6 unplumb",
1870
IFCONFIG_PATH, actual );
1871
argv_msg (M_INFO, &argv);
1872
openvpn_execve_check (&argv, es, 0, "Solaris ifconfig inet6 unplumb failed");
1880
argv_msg (M_INFO, &argv);
1881
openvpn_execve_check (&argv, es, 0, "Solaris ifconfig unplumb failed");
1883
msg (M_FATAL, "Solaris ifconfig failed");
1888
write_tun (struct tuntap* tt, uint8_t *buf, int len)
1892
sbuf.buf = (char *)buf;
1893
return putmsg (tt->fd, NULL, &sbuf, 0) >= 0 ? sbuf.len : -1;
1897
read_tun (struct tuntap* tt, uint8_t *buf, int len)
1903
sbuf.buf = (char *)buf;
1904
return getmsg (tt->fd, NULL, &sbuf, &f) >= 0 ? sbuf.len : -1;
1907
#elif defined(TARGET_OPENBSD)
1909
#if !defined(HAVE_READV) || !defined(HAVE_WRITEV)
1910
#error openbsd build requires readv & writev library functions
1914
* OpenBSD has a slightly incompatible TUN device from
1915
* the rest of the world, in that it prepends a
1916
* uint32 to the beginning of the IP header
1917
* to designate the protocol (why not just
1918
* look at the version field in the IP header to
1919
* determine v4 or v6?).
1921
* We strip off this field on reads and
1922
* put it back on writes.
1924
* I have not tested TAP devices on OpenBSD,
1925
* but I have conditionalized the special
1926
* TUN handling code described above to
1927
* go away for TAP devices.
1931
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
1933
open_tun_generic (dev, dev_type, dev_node, true, true, tt);
1935
/* Enable multicast on the interface */
1938
struct tuninfo info;
1940
if (ioctl (tt->fd, TUNGIFINFO, &info) < 0) {
1941
msg (M_WARN | M_ERRNO, "Can't get interface info: %s",
1945
#ifdef IFF_MULTICAST /* openbsd 4.x doesn't have this */
1946
info.flags |= IFF_MULTICAST;
1949
if (ioctl (tt->fd, TUNSIFINFO, &info) < 0) {
1950
msg (M_WARN | M_ERRNO, "Can't set interface info: %s",
1956
/* the current way OpenVPN handles tun devices on OpenBSD leads to
1957
* lingering tunX interfaces after close -> for a full cleanup, they
1958
* need to be explicitely destroyed
1962
close_tun (struct tuntap* tt)
1966
struct gc_arena gc = gc_new ();
1969
/* setup command, close tun dev (clears tt->actual_name!), run command
1973
argv_printf (&argv, "%s %s destroy",
1974
IFCONFIG_PATH, tt->actual_name);
1976
close_tun_generic (tt);
1978
argv_msg (M_INFO, &argv);
1979
openvpn_execve_check (&argv, NULL, 0, "OpenBSD 'destroy tun interface' failed (non-critical)");
1986
openbsd_modify_read_write_return (int len)
1989
return len > sizeof (u_int32_t) ? len - sizeof (u_int32_t) : 0;
1995
write_tun (struct tuntap* tt, uint8_t *buf, int len)
1997
if (tt->type == DEV_TYPE_TUN)
2003
iph = (struct ip *) buf;
2005
if (tt->ipv6 && iph->ip_v == 6)
2006
type = htonl (AF_INET6);
2008
type = htonl (AF_INET);
2010
iv[0].iov_base = &type;
2011
iv[0].iov_len = sizeof (type);
2012
iv[1].iov_base = buf;
2013
iv[1].iov_len = len;
2015
return openbsd_modify_read_write_return (writev (tt->fd, iv, 2));
2018
return write (tt->fd, buf, len);
2022
read_tun (struct tuntap* tt, uint8_t *buf, int len)
2024
if (tt->type == DEV_TYPE_TUN)
2029
iv[0].iov_base = &type;
2030
iv[0].iov_len = sizeof (type);
2031
iv[1].iov_base = buf;
2032
iv[1].iov_len = len;
2034
return openbsd_modify_read_write_return (readv (tt->fd, iv, 2));
2037
return read (tt->fd, buf, len);
2040
#elif defined(TARGET_NETBSD)
2043
* NetBSD before 4.0 does not support IPv6 on tun out of the box,
2044
* but there exists a patch (sys/net/if_tun.c, 1.79->1.80, see PR 32944).
2046
* NetBSD 4.0 and up do, but we need to put the tun interface into
2047
* "multi_af" mode, which will prepend the address family to all packets
2048
* (same as OpenBSD and FreeBSD). If this is not enabled, the kernel
2049
* silently drops all IPv6 packets on output and gets confused on input.
2051
* On earlier versions, multi_af is not available at all, so we have
2052
* two different NetBSD code variants here :-(
2057
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
2059
#ifdef NETBSD_MULTI_AF
2060
open_tun_generic (dev, dev_type, dev_node, true, true, tt);
2062
open_tun_generic (dev, dev_type, dev_node, false, true, tt);
2067
int i = IFF_POINTOPOINT|IFF_MULTICAST;
2068
ioctl (tt->fd, TUNSIFMODE, &i); /* multicast on */
2070
ioctl (tt->fd, TUNSLMODE, &i); /* link layer mode off */
2072
#ifdef NETBSD_MULTI_AF
2074
if (ioctl (tt->fd, TUNSIFHEAD, &i) < 0) /* multi-af mode on */
2076
msg (M_WARN | M_ERRNO, "ioctl(TUNSIFHEAD): %s", strerror(errno));
2083
close_tun (struct tuntap *tt)
2085
/* TODO: we really should cleanup non-persistant tunX with
2086
* "ifconfig tunX destroy" here...
2090
close_tun_generic (tt);
2095
#ifdef NETBSD_MULTI_AF
2098
netbsd_modify_read_write_return (int len)
2101
return len > sizeof (u_int32_t) ? len - sizeof (u_int32_t) : 0;
2107
write_tun (struct tuntap* tt, uint8_t *buf, int len)
2109
if (tt->type == DEV_TYPE_TUN)
2113
struct openvpn_iphdr *iph;
2115
iph = (struct openvpn_iphdr *) buf;
2117
if (tt->ipv6 && OPENVPN_IPH_GET_VER(iph->version_len) == 6)
2118
type = htonl (AF_INET6);
2120
type = htonl (AF_INET);
2122
iv[0].iov_base = (char *)&type;
2123
iv[0].iov_len = sizeof (type);
2124
iv[1].iov_base = buf;
2125
iv[1].iov_len = len;
2127
return netbsd_modify_read_write_return (writev (tt->fd, iv, 2));
2130
return write (tt->fd, buf, len);
2134
read_tun (struct tuntap* tt, uint8_t *buf, int len)
2136
if (tt->type == DEV_TYPE_TUN)
2141
iv[0].iov_base = (char *)&type;
2142
iv[0].iov_len = sizeof (type);
2143
iv[1].iov_base = buf;
2144
iv[1].iov_len = len;
2146
return netbsd_modify_read_write_return (readv (tt->fd, iv, 2));
2149
return read (tt->fd, buf, len);
2152
#else /* not NETBSD_MULTI_AF -> older code, IPv4 only */
2155
write_tun (struct tuntap* tt, uint8_t *buf, int len)
2157
return write (tt->fd, buf, len);
2161
read_tun (struct tuntap* tt, uint8_t *buf, int len)
2163
return read (tt->fd, buf, len);
2165
#endif /* NETBSD_MULTI_AF */
2167
#elif defined(TARGET_FREEBSD)
2170
freebsd_modify_read_write_return (int len)
2173
return len > sizeof (u_int32_t) ? len - sizeof (u_int32_t) : 0;
2179
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
2181
open_tun_generic (dev, dev_type, dev_node, true, true, tt);
2183
if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
2187
i = tt->topology == TOP_SUBNET ? IFF_BROADCAST : IFF_POINTOPOINT;
2189
if (ioctl (tt->fd, TUNSIFMODE, &i) < 0) {
2190
msg (M_WARN | M_ERRNO, "ioctl(TUNSIFMODE): %s", strerror(errno));
2193
if (ioctl (tt->fd, TUNSIFHEAD, &i) < 0) {
2194
msg (M_WARN | M_ERRNO, "ioctl(TUNSIFHEAD): %s", strerror(errno));
2200
close_tun (struct tuntap *tt)
2204
close_tun_generic (tt);
2210
write_tun (struct tuntap* tt, uint8_t *buf, int len)
2212
if (tt->type == DEV_TYPE_TUN)
2218
iph = (struct ip *) buf;
2220
if (tt->ipv6 && iph->ip_v == 6)
2221
type = htonl (AF_INET6);
2223
type = htonl (AF_INET);
2225
iv[0].iov_base = (char *)&type;
2226
iv[0].iov_len = sizeof (type);
2227
iv[1].iov_base = buf;
2228
iv[1].iov_len = len;
2230
return freebsd_modify_read_write_return (writev (tt->fd, iv, 2));
2233
return write (tt->fd, buf, len);
2237
read_tun (struct tuntap* tt, uint8_t *buf, int len)
2239
if (tt->type == DEV_TYPE_TUN)
2244
iv[0].iov_base = (char *)&type;
2245
iv[0].iov_len = sizeof (type);
2246
iv[1].iov_base = buf;
2247
iv[1].iov_len = len;
2249
return freebsd_modify_read_write_return (readv (tt->fd, iv, 2));
2252
return read (tt->fd, buf, len);
2255
#elif defined(TARGET_DRAGONFLY)
2258
dragonfly_modify_read_write_return (int len)
2261
return len > sizeof (u_int32_t) ? len - sizeof (u_int32_t) : 0;
2267
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
2269
open_tun_generic (dev, dev_type, dev_node, true, true, tt);
2275
/* Disable extended modes */
2276
ioctl (tt->fd, TUNSLMODE, &i);
2278
ioctl (tt->fd, TUNSIFHEAD, &i);
2283
close_tun (struct tuntap *tt)
2287
close_tun_generic (tt);
2293
write_tun (struct tuntap* tt, uint8_t *buf, int len)
2295
if (tt->type == DEV_TYPE_TUN)
2301
iph = (struct ip *) buf;
2303
if (tt->ipv6 && iph->ip_v == 6)
2304
type = htonl (AF_INET6);
2306
type = htonl (AF_INET);
2308
iv[0].iov_base = (char *)&type;
2309
iv[0].iov_len = sizeof (type);
2310
iv[1].iov_base = buf;
2311
iv[1].iov_len = len;
2313
return dragonfly_modify_read_write_return (writev (tt->fd, iv, 2));
2316
return write (tt->fd, buf, len);
2320
read_tun (struct tuntap* tt, uint8_t *buf, int len)
2322
if (tt->type == DEV_TYPE_TUN)
2327
iv[0].iov_base = (char *)&type;
2328
iv[0].iov_len = sizeof (type);
2329
iv[1].iov_base = buf;
2330
iv[1].iov_len = len;
2332
return dragonfly_modify_read_write_return (readv (tt->fd, iv, 2));
2335
return read (tt->fd, buf, len);
2338
#elif defined(TARGET_DARWIN)
2340
/* Darwin (MacOS X) is mostly "just use the generic stuff", but there
2341
* is always one caveat...:
2343
* If IPv6 is configured, and the tun device is closed, the IPv6 address
2344
* configured to the tun interface changes to a lingering /128 route
2345
* pointing to lo0. Need to unconfigure... (observed on 10.5)
2349
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
2351
open_tun_generic (dev, dev_type, dev_node, false, true, tt);
2355
close_tun (struct tuntap* tt)
2359
struct gc_arena gc = gc_new ();
2363
if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
2365
const char * ifconfig_ipv6_local =
2366
print_in6_addr (tt->local_ipv6, 0, &gc);
2368
argv_printf (&argv, "%s delete -inet6 %s",
2369
ROUTE_PATH, ifconfig_ipv6_local );
2370
argv_msg (M_INFO, &argv);
2371
openvpn_execve_check (&argv, NULL, 0, "MacOS X 'remove inet6 route' failed (non-critical)");
2374
close_tun_generic (tt);
2382
write_tun (struct tuntap* tt, uint8_t *buf, int len)
2384
return write (tt->fd, buf, len);
2388
read_tun (struct tuntap* tt, uint8_t *buf, int len)
2390
return read (tt->fd, buf, len);
2393
#elif defined(WIN32)
2396
tun_read_queue (struct tuntap *tt, int maxsize)
2398
if (tt->reads.iostate == IOSTATE_INITIAL)
2404
/* reset buf to its initial state */
2405
tt->reads.buf = tt->reads.buf_init;
2407
len = maxsize ? maxsize : BLEN (&tt->reads.buf);
2408
ASSERT (len <= BLEN (&tt->reads.buf));
2410
/* the overlapped read will signal this event on I/O completion */
2411
ASSERT (ResetEvent (tt->reads.overlapped.hEvent));
2415
BPTR (&tt->reads.buf),
2418
&tt->reads.overlapped
2421
if (status) /* operation completed immediately? */
2423
/* since we got an immediate return, we must signal the event object ourselves */
2424
ASSERT (SetEvent (tt->reads.overlapped.hEvent));
2426
tt->reads.iostate = IOSTATE_IMMEDIATE_RETURN;
2427
tt->reads.status = 0;
2429
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Read immediate return [%d,%d]",
2431
(int) tt->reads.size);
2435
err = GetLastError ();
2436
if (err == ERROR_IO_PENDING) /* operation queued? */
2438
tt->reads.iostate = IOSTATE_QUEUED;
2439
tt->reads.status = err;
2440
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Read queued [%d]",
2443
else /* error occurred */
2445
struct gc_arena gc = gc_new ();
2446
ASSERT (SetEvent (tt->reads.overlapped.hEvent));
2447
tt->reads.iostate = IOSTATE_IMMEDIATE_RETURN;
2448
tt->reads.status = err;
2449
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Read error [%d] : %s",
2451
strerror_win32 (status, &gc));
2456
return tt->reads.iostate;
2460
tun_write_queue (struct tuntap *tt, struct buffer *buf)
2462
if (tt->writes.iostate == IOSTATE_INITIAL)
2467
/* make a private copy of buf */
2468
tt->writes.buf = tt->writes.buf_init;
2469
tt->writes.buf.len = 0;
2470
ASSERT (buf_copy (&tt->writes.buf, buf));
2472
/* the overlapped write will signal this event on I/O completion */
2473
ASSERT (ResetEvent (tt->writes.overlapped.hEvent));
2477
BPTR (&tt->writes.buf),
2478
BLEN (&tt->writes.buf),
2480
&tt->writes.overlapped
2483
if (status) /* operation completed immediately? */
2485
tt->writes.iostate = IOSTATE_IMMEDIATE_RETURN;
2487
/* since we got an immediate return, we must signal the event object ourselves */
2488
ASSERT (SetEvent (tt->writes.overlapped.hEvent));
2490
tt->writes.status = 0;
2492
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Write immediate return [%d,%d]",
2493
BLEN (&tt->writes.buf),
2494
(int) tt->writes.size);
2498
err = GetLastError ();
2499
if (err == ERROR_IO_PENDING) /* operation queued? */
2501
tt->writes.iostate = IOSTATE_QUEUED;
2502
tt->writes.status = err;
2503
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Write queued [%d]",
2504
BLEN (&tt->writes.buf));
2506
else /* error occurred */
2508
struct gc_arena gc = gc_new ();
2509
ASSERT (SetEvent (tt->writes.overlapped.hEvent));
2510
tt->writes.iostate = IOSTATE_IMMEDIATE_RETURN;
2511
tt->writes.status = err;
2512
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Write error [%d] : %s",
2513
BLEN (&tt->writes.buf),
2514
strerror_win32 (err, &gc));
2519
return tt->writes.iostate;
2525
struct overlapped_io *io,
2531
switch (io->iostate)
2533
case IOSTATE_QUEUED:
2534
status = GetOverlappedResult(
2542
/* successful return for a queued operation */
2546
io->iostate = IOSTATE_INITIAL;
2547
ASSERT (ResetEvent (io->overlapped.hEvent));
2548
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Completion success [%d]", ret);
2552
/* error during a queued operation */
2554
if (GetLastError() != ERROR_IO_INCOMPLETE)
2556
/* if no error (i.e. just not finished yet),
2557
then DON'T execute this code */
2558
io->iostate = IOSTATE_INITIAL;
2559
ASSERT (ResetEvent (io->overlapped.hEvent));
2560
msg (D_WIN32_IO | M_ERRNO, "WIN32 I/O: TAP Completion error");
2565
case IOSTATE_IMMEDIATE_RETURN:
2566
io->iostate = IOSTATE_INITIAL;
2567
ASSERT (ResetEvent (io->overlapped.hEvent));
2570
/* error return for a non-queued operation */
2571
SetLastError (io->status);
2573
msg (D_WIN32_IO | M_ERRNO, "WIN32 I/O: TAP Completion non-queued error");
2577
/* successful return for a non-queued operation */
2581
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Completion non-queued success [%d]", ret);
2585
case IOSTATE_INITIAL: /* were we called without proper queueing? */
2586
SetLastError (ERROR_INVALID_FUNCTION);
2588
dmsg (D_WIN32_IO, "WIN32 I/O: TAP Completion BAD STATE");
2600
const struct tap_reg *
2601
get_tap_reg (struct gc_arena *gc)
2606
struct tap_reg *first = NULL;
2607
struct tap_reg *last = NULL;
2610
status = RegOpenKeyEx(
2617
if (status != ERROR_SUCCESS)
2618
msg (M_FATAL, "Error opening registry key: %s", ADAPTER_KEY);
2622
char enum_name[256];
2623
char unit_string[256];
2625
char component_id_string[] = "ComponentId";
2626
char component_id[256];
2627
char net_cfg_instance_id_string[] = "NetCfgInstanceId";
2628
char net_cfg_instance_id[256];
2631
len = sizeof (enum_name);
2632
status = RegEnumKeyEx(
2641
if (status == ERROR_NO_MORE_ITEMS)
2643
else if (status != ERROR_SUCCESS)
2644
msg (M_FATAL, "Error enumerating registry subkeys of key: %s",
2647
openvpn_snprintf (unit_string, sizeof(unit_string), "%s\\%s",
2648
ADAPTER_KEY, enum_name);
2650
status = RegOpenKeyEx(
2657
if (status != ERROR_SUCCESS)
2658
dmsg (D_REGISTRY, "Error opening registry key: %s", unit_string);
2661
len = sizeof (component_id);
2662
status = RegQueryValueEx(
2664
component_id_string,
2670
if (status != ERROR_SUCCESS || data_type != REG_SZ)
2671
dmsg (D_REGISTRY, "Error opening registry key: %s\\%s",
2672
unit_string, component_id_string);
2675
len = sizeof (net_cfg_instance_id);
2676
status = RegQueryValueEx(
2678
net_cfg_instance_id_string,
2681
net_cfg_instance_id,
2684
if (status == ERROR_SUCCESS && data_type == REG_SZ)
2686
if (!strcmp (component_id, TAP_COMPONENT_ID))
2688
struct tap_reg *reg;
2689
ALLOC_OBJ_CLEAR_GC (reg, struct tap_reg, gc);
2690
reg->guid = string_alloc (net_cfg_instance_id, gc);
2692
/* link into return list */
2701
RegCloseKey (unit_key);
2706
RegCloseKey (adapter_key);
2710
const struct panel_reg *
2711
get_panel_reg (struct gc_arena *gc)
2714
HKEY network_connections_key;
2716
struct panel_reg *first = NULL;
2717
struct panel_reg *last = NULL;
2720
status = RegOpenKeyEx(
2722
NETWORK_CONNECTIONS_KEY,
2725
&network_connections_key);
2727
if (status != ERROR_SUCCESS)
2728
msg (M_FATAL, "Error opening registry key: %s", NETWORK_CONNECTIONS_KEY);
2732
char enum_name[256];
2733
char connection_string[256];
2734
HKEY connection_key;
2735
char name_data[256];
2737
const char name_string[] = "Name";
2739
len = sizeof (enum_name);
2740
status = RegEnumKeyEx(
2741
network_connections_key,
2749
if (status == ERROR_NO_MORE_ITEMS)
2751
else if (status != ERROR_SUCCESS)
2752
msg (M_FATAL, "Error enumerating registry subkeys of key: %s",
2753
NETWORK_CONNECTIONS_KEY);
2755
openvpn_snprintf (connection_string, sizeof(connection_string),
2756
"%s\\%s\\Connection",
2757
NETWORK_CONNECTIONS_KEY, enum_name);
2759
status = RegOpenKeyEx(
2766
if (status != ERROR_SUCCESS)
2767
dmsg (D_REGISTRY, "Error opening registry key: %s", connection_string);
2770
len = sizeof (name_data);
2771
status = RegQueryValueEx(
2779
if (status != ERROR_SUCCESS || name_type != REG_SZ)
2780
dmsg (D_REGISTRY, "Error opening registry key: %s\\%s\\%s",
2781
NETWORK_CONNECTIONS_KEY, connection_string, name_string);
2784
struct panel_reg *reg;
2786
ALLOC_OBJ_CLEAR_GC (reg, struct panel_reg, gc);
2787
reg->name = string_alloc (name_data, gc);
2788
reg->guid = string_alloc (enum_name, gc);
2790
/* link into return list */
2797
RegCloseKey (connection_key);
2802
RegCloseKey (network_connections_key);
2808
* Check that two addresses are part of the same 255.255.255.252 subnet.
2811
verify_255_255_255_252 (in_addr_t local, in_addr_t remote)
2813
struct gc_arena gc = gc_new ();
2814
const unsigned int mask = 3;
2815
const char *err = NULL;
2817
if (local == remote)
2819
err = "must be different";
2822
if ((local & (~mask)) != (remote & (~mask)))
2824
err = "must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver";
2827
if ((local & mask) == 0
2828
|| (local & mask) == 3
2829
|| (remote & mask) == 0
2830
|| (remote & mask) == 3)
2832
err = "cannot use the first or last address within a given 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver";
2840
msg (M_FATAL, "There is a problem in your selection of --ifconfig endpoints [local=%s, remote=%s]. The local and remote VPN endpoints %s. Try '" PACKAGE " --show-valid-subnets' option for more info.",
2841
print_in_addr_t (local, 0, &gc),
2842
print_in_addr_t (remote, 0, &gc),
2847
void show_valid_win32_tun_subnets (void)
2852
printf ("On Windows, point-to-point IP support (i.e. --dev tun)\n");
2853
printf ("is emulated by the TAP-Win32 driver. The major limitation\n");
2854
printf ("imposed by this approach is that the --ifconfig local and\n");
2855
printf ("remote endpoints must be part of the same 255.255.255.252\n");
2856
printf ("subnet. The following list shows examples of endpoint\n");
2857
printf ("pairs which satisfy this requirement. Only the final\n");
2858
printf ("component of the IP address pairs is at issue.\n\n");
2859
printf ("As an example, the following option would be correct:\n");
2860
printf (" --ifconfig 10.7.0.5 10.7.0.6 (on host A)\n");
2861
printf (" --ifconfig 10.7.0.6 10.7.0.5 (on host B)\n");
2862
printf ("because [5,6] is part of the below list.\n\n");
2864
for (i = 0; i < 256; i += 4)
2866
printf("[%3d,%3d] ", i+1, i+2);
2878
show_tap_win32_adapters (int msglev, int warnlev)
2880
struct gc_arena gc = gc_new ();
2882
bool warn_panel_null = false;
2883
bool warn_panel_dup = false;
2884
bool warn_tap_dup = false;
2888
const struct tap_reg *tr;
2889
const struct tap_reg *tr1;
2890
const struct panel_reg *pr;
2892
const struct tap_reg *tap_reg = get_tap_reg (&gc);
2893
const struct panel_reg *panel_reg = get_panel_reg (&gc);
2895
msg (msglev, "Available TAP-WIN32 adapters [name, GUID]:");
2897
/* loop through each TAP-Win32 adapter registry entry */
2898
for (tr = tap_reg; tr != NULL; tr = tr->next)
2902
/* loop through each network connections entry in the control panel */
2903
for (pr = panel_reg; pr != NULL; pr = pr->next)
2905
if (!strcmp (tr->guid, pr->guid))
2907
msg (msglev, "'%s' %s", pr->name, tr->guid);
2914
warn_panel_dup = true;
2916
else if (links == 0)
2918
/* a TAP adapter exists without a link from the network
2919
connections control panel */
2920
warn_panel_null = true;
2921
msg (msglev, "[NULL] %s", tr->guid);
2925
/* check for TAP-Win32 adapter duplicated GUIDs */
2926
for (tr = tap_reg; tr != NULL; tr = tr->next)
2928
for (tr1 = tap_reg; tr1 != NULL; tr1 = tr1->next)
2930
if (tr != tr1 && !strcmp (tr->guid, tr1->guid))
2931
warn_tap_dup = true;
2935
/* warn on registry inconsistencies */
2937
msg (warnlev, "WARNING: Some TAP-Win32 adapters have duplicate GUIDs");
2940
msg (warnlev, "WARNING: Some TAP-Win32 adapters have duplicate links from the Network Connections control panel");
2942
if (warn_panel_null)
2943
msg (warnlev, "WARNING: Some TAP-Win32 adapters have no link from the Network Connections control panel");
2949
* Confirm that GUID is a TAP-Win32 adapter.
2952
is_tap_win32 (const char *guid, const struct tap_reg *tap_reg)
2954
const struct tap_reg *tr;
2956
for (tr = tap_reg; tr != NULL; tr = tr->next)
2958
if (guid && !strcmp (tr->guid, guid))
2966
guid_to_name (const char *guid, const struct panel_reg *panel_reg)
2968
const struct panel_reg *pr;
2970
for (pr = panel_reg; pr != NULL; pr = pr->next)
2972
if (guid && !strcmp (pr->guid, guid))
2980
name_to_guid (const char *name, const struct tap_reg *tap_reg, const struct panel_reg *panel_reg)
2982
const struct panel_reg *pr;
2984
for (pr = panel_reg; pr != NULL; pr = pr->next)
2986
if (name && !strcmp (pr->name, name) && is_tap_win32 (pr->guid, tap_reg))
2994
at_least_one_tap_win32 (const struct tap_reg *tap_reg)
2997
msg (M_FATAL, "There are no TAP-Win32 adapters on this system. You should be able to create a TAP-Win32 adapter by going to Start -> All Programs -> " PACKAGE_NAME " -> Add a new TAP-Win32 virtual ethernet adapter.");
3001
* Get an adapter GUID and optional actual_name from the
3002
* registry for the TAP device # = device_number.
3005
get_unspecified_device_guid (const int device_number,
3007
int actual_name_size,
3008
const struct tap_reg *tap_reg_src,
3009
const struct panel_reg *panel_reg_src,
3010
struct gc_arena *gc)
3012
const struct tap_reg *tap_reg = tap_reg_src;
3013
struct buffer ret = clear_buf ();
3014
struct buffer actual = clear_buf ();
3017
ASSERT (device_number >= 0);
3019
/* Make sure we have at least one TAP adapter */
3023
/* The actual_name output buffer may be NULL */
3026
ASSERT (actual_name_size > 0);
3027
buf_set_write (&actual, actual_name, actual_name_size);
3030
/* Move on to specified device number */
3031
for (i = 0; i < device_number; i++)
3033
tap_reg = tap_reg->next;
3038
/* Save Network Panel name (if exists) in actual_name */
3041
const char *act = guid_to_name (tap_reg->guid, panel_reg_src);
3043
buf_printf (&actual, "%s", act);
3045
buf_printf (&actual, "%s", tap_reg->guid);
3048
/* Save GUID for return value */
3049
ret = alloc_buf_gc (256, gc);
3050
buf_printf (&ret, "%s", tap_reg->guid);
3055
* Lookup a --dev-node adapter name in the registry
3056
* returning the GUID and optional actual_name.
3059
get_device_guid (const char *name,
3061
int actual_name_size,
3062
const struct tap_reg *tap_reg,
3063
const struct panel_reg *panel_reg,
3064
struct gc_arena *gc)
3066
struct buffer ret = alloc_buf_gc (256, gc);
3067
struct buffer actual = clear_buf ();
3069
/* Make sure we have at least one TAP adapter */
3073
/* The actual_name output buffer may be NULL */
3076
ASSERT (actual_name_size > 0);
3077
buf_set_write (&actual, actual_name, actual_name_size);
3080
/* Check if GUID was explicitly specified as --dev-node parameter */
3081
if (is_tap_win32 (name, tap_reg))
3083
const char *act = guid_to_name (name, panel_reg);
3084
buf_printf (&ret, "%s", name);
3086
buf_printf (&actual, "%s", act);
3088
buf_printf (&actual, "%s", name);
3092
/* Lookup TAP adapter in network connections list */
3094
const char *guid = name_to_guid (name, tap_reg, panel_reg);
3097
buf_printf (&actual, "%s", name);
3098
buf_printf (&ret, "%s", guid);
3107
* Get adapter info list
3109
const IP_ADAPTER_INFO *
3110
get_adapter_info_list (struct gc_arena *gc)
3113
IP_ADAPTER_INFO *pi = NULL;
3116
if ((status = GetAdaptersInfo (NULL, &size)) != ERROR_BUFFER_OVERFLOW)
3118
msg (M_INFO, "GetAdaptersInfo #1 failed (status=%u) : %s",
3119
(unsigned int)status,
3120
strerror_win32 (status, gc));
3124
pi = (PIP_ADAPTER_INFO) gc_malloc (size, false, gc);
3125
if ((status = GetAdaptersInfo (pi, &size)) == NO_ERROR)
3129
msg (M_INFO, "GetAdaptersInfo #2 failed (status=%u) : %s",
3130
(unsigned int)status,
3131
strerror_win32 (status, gc));
3137
const IP_PER_ADAPTER_INFO *
3138
get_per_adapter_info (const DWORD index, struct gc_arena *gc)
3141
IP_PER_ADAPTER_INFO *pi = NULL;
3146
if ((status = GetPerAdapterInfo (index, NULL, &size)) != ERROR_BUFFER_OVERFLOW)
3148
msg (M_INFO, "GetPerAdapterInfo #1 failed (status=%u) : %s",
3149
(unsigned int)status,
3150
strerror_win32 (status, gc));
3154
pi = (PIP_PER_ADAPTER_INFO) gc_malloc (size, false, gc);
3155
if ((status = GetPerAdapterInfo ((ULONG)index, pi, &size)) == ERROR_SUCCESS)
3159
msg (M_INFO, "GetPerAdapterInfo #2 failed (status=%u) : %s",
3160
(unsigned int)status,
3161
strerror_win32 (status, gc));
3168
static const IP_INTERFACE_INFO *
3169
get_interface_info_list (struct gc_arena *gc)
3172
IP_INTERFACE_INFO *ii = NULL;
3175
if ((status = GetInterfaceInfo (NULL, &size)) != ERROR_INSUFFICIENT_BUFFER)
3177
msg (M_INFO, "GetInterfaceInfo #1 failed (status=%u) : %s",
3178
(unsigned int)status,
3179
strerror_win32 (status, gc));
3183
ii = (PIP_INTERFACE_INFO) gc_malloc (size, false, gc);
3184
if ((status = GetInterfaceInfo (ii, &size)) == NO_ERROR)
3188
msg (M_INFO, "GetInterfaceInfo #2 failed (status=%u) : %s",
3189
(unsigned int)status,
3190
strerror_win32 (status, gc));
3196
static const IP_ADAPTER_INDEX_MAP *
3197
get_interface_info (DWORD index, struct gc_arena *gc)
3199
const IP_INTERFACE_INFO *list = get_interface_info_list (gc);
3203
for (i = 0; i < list->NumAdapters; ++i)
3205
const IP_ADAPTER_INDEX_MAP *inter = &list->Adapter[i];
3206
if (index == inter->Index)
3214
* Given an adapter index, return a pointer to the
3215
* IP_ADAPTER_INFO structure for that adapter.
3218
const IP_ADAPTER_INFO *
3219
get_adapter (const IP_ADAPTER_INFO *ai, DWORD index)
3221
if (ai && index != (DWORD)~0)
3223
const IP_ADAPTER_INFO *a;
3225
/* find index in the linked list */
3226
for (a = ai; a != NULL; a = a->Next)
3228
if (a->Index == index)
3235
const IP_ADAPTER_INFO *
3236
get_adapter_info (DWORD index, struct gc_arena *gc)
3238
return get_adapter (get_adapter_info_list (gc), index);
3242
get_adapter_n_ip_netmask (const IP_ADAPTER_INFO *ai)
3247
const IP_ADDR_STRING *ip = &ai->IpAddressList;
3261
get_adapter_ip_netmask (const IP_ADAPTER_INFO *ai, const int n, in_addr_t *ip, in_addr_t *netmask)
3269
const IP_ADDR_STRING *iplist = &ai->IpAddressList;
3277
iplist = iplist->Next;
3282
const unsigned int getaddr_flags = GETADDR_HOST_ORDER;
3283
const char *ip_str = iplist->IpAddress.String;
3284
const char *netmask_str = iplist->IpMask.String;
3285
bool succeed1 = false;
3286
bool succeed2 = false;
3288
if (ip_str && netmask_str && strlen (ip_str) && strlen (netmask_str))
3290
*ip = getaddr (getaddr_flags, ip_str, 0, &succeed1, NULL);
3291
*netmask = getaddr (getaddr_flags, netmask_str, 0, &succeed2, NULL);
3292
ret = (succeed1 == true && succeed2 == true);
3301
test_adapter_ip_netmask (const IP_ADAPTER_INFO *ai, const in_addr_t ip, const in_addr_t netmask)
3305
in_addr_t ip_adapter = 0;
3306
in_addr_t netmask_adapter = 0;
3307
const bool status = get_adapter_ip_netmask (ai, 0, &ip_adapter, &netmask_adapter);
3308
return (status && ip_adapter == ip && netmask_adapter == netmask);
3314
const IP_ADAPTER_INFO *
3315
get_tun_adapter (const struct tuntap *tt, const IP_ADAPTER_INFO *list)
3318
return get_adapter (list, tt->adapter_index);
3324
is_adapter_up (const struct tuntap *tt, const IP_ADAPTER_INFO *list)
3329
const IP_ADAPTER_INFO *ai = get_tun_adapter (tt, list);
3333
const int n = get_adapter_n_ip_netmask (ai);
3335
/* loop once for every IP/netmask assigned to adapter */
3336
for (i = 0; i < n; ++i)
3338
in_addr_t ip, netmask;
3339
if (get_adapter_ip_netmask (ai, i, &ip, &netmask))
3341
if (tt->local && tt->adapter_netmask)
3343
/* wait for our --ifconfig parms to match the actual adapter parms */
3344
if (tt->local == ip && tt->adapter_netmask == netmask)
3349
/* --ifconfig was not defined, maybe using a real DHCP server */
3357
ret = true; /* this can occur when TAP adapter is bridged */
3363
is_ip_in_adapter_subnet (const IP_ADAPTER_INFO *ai, const in_addr_t ip, in_addr_t *highest_netmask)
3368
if (highest_netmask)
3369
*highest_netmask = 0;
3373
const int n = get_adapter_n_ip_netmask (ai);
3374
for (i = 0; i < n; ++i)
3376
in_addr_t adapter_ip, adapter_netmask;
3377
if (get_adapter_ip_netmask (ai, i, &adapter_ip, &adapter_netmask))
3379
if (adapter_ip && adapter_netmask && (ip & adapter_netmask) == (adapter_ip & adapter_netmask))
3381
if (highest_netmask && adapter_netmask > *highest_netmask)
3382
*highest_netmask = adapter_netmask;
3392
adapter_index_of_ip (const IP_ADAPTER_INFO *list,
3397
struct gc_arena gc = gc_new ();
3399
in_addr_t highest_netmask = 0;
3409
if (is_ip_in_adapter_subnet (list, ip, &hn))
3411
if (first || hn > highest_netmask)
3413
highest_netmask = hn;
3419
else if (hn == highest_netmask)
3428
dmsg (D_ROUTE_DEBUG, "DEBUG: IP Locate: ip=%s nm=%s index=%d count=%d",
3429
print_in_addr_t (ip, 0, &gc),
3430
print_in_addr_t (highest_netmask, 0, &gc),
3432
count ? *count : -1);
3434
if (ret == ~0 && count)
3438
*netmask = highest_netmask;
3445
* Given an adapter index, return true if the adapter
3449
#define DHCP_STATUS_UNDEF 0
3450
#define DHCP_STATUS_ENABLED 1
3451
#define DHCP_STATUS_DISABLED 2
3454
dhcp_status (DWORD index)
3456
struct gc_arena gc = gc_new ();
3457
int ret = DHCP_STATUS_UNDEF;
3460
const IP_ADAPTER_INFO *ai = get_adapter_info (index, &gc);
3464
if (ai->DhcpEnabled)
3465
ret = DHCP_STATUS_ENABLED;
3467
ret = DHCP_STATUS_DISABLED;
3475
* Delete all temporary address/netmask pairs which were added
3476
* to adapter (given by index) by previous calls to AddIPAddress.
3479
delete_temp_addresses (DWORD index)
3481
struct gc_arena gc = gc_new ();
3482
const IP_ADAPTER_INFO *a = get_adapter_info (index, &gc);
3486
const IP_ADDR_STRING *ip = &a->IpAddressList;
3490
const DWORD context = ip->Context;
3492
if ((status = DeleteIPAddress ((ULONG) context)) == NO_ERROR)
3494
msg (M_INFO, "Successfully deleted previously set dynamic IP/netmask: %s/%s",
3495
ip->IpAddress.String,
3500
const char *empty = "0.0.0.0";
3501
if (strcmp (ip->IpAddress.String, empty)
3502
|| strcmp (ip->IpMask.String, empty))
3503
msg (M_INFO, "NOTE: could not delete previously set dynamic IP/netmask: %s/%s (status=%u)",
3504
ip->IpAddress.String,
3506
(unsigned int)status);
3515
* Get interface index for use with IP Helper API functions.
3518
get_adapter_index_method_1 (const char *guid)
3520
struct gc_arena gc = gc_new ();
3524
snwprintf (wbuf, SIZE (wbuf), L"\\DEVICE\\TCPIP_%S", guid);
3525
wbuf [SIZE(wbuf) - 1] = 0;
3526
if ((status = GetAdapterIndex (wbuf, &index)) != NO_ERROR)
3533
get_adapter_index_method_2 (const char *guid)
3535
struct gc_arena gc = gc_new ();
3538
const IP_ADAPTER_INFO *list = get_adapter_info_list (&gc);
3542
if (!strcmp (guid, list->AdapterName))
3544
index = list->Index;
3555
get_adapter_index (const char *guid)
3558
index = get_adapter_index_method_1 (guid);
3560
index = get_adapter_index_method_2 (guid);
3562
msg (M_INFO, "NOTE: could not get adapter index for %s", guid);
3567
get_adapter_index_flexible (const char *name) /* actual name or GUID */
3569
struct gc_arena gc = gc_new ();
3571
index = get_adapter_index_method_1 (name);
3573
index = get_adapter_index_method_2 (name);
3576
const struct tap_reg *tap_reg = get_tap_reg (&gc);
3577
const struct panel_reg *panel_reg = get_panel_reg (&gc);
3578
const char *guid = name_to_guid (name, tap_reg, panel_reg);
3579
index = get_adapter_index_method_1 (guid);
3581
index = get_adapter_index_method_2 (guid);
3584
msg (M_INFO, "NOTE: could not get adapter index for name/GUID '%s'", name);
3590
* Return a string representing a PIP_ADDR_STRING
3593
format_ip_addr_string (const IP_ADDR_STRING *ip, struct gc_arena *gc)
3595
struct buffer out = alloc_buf_gc (256, gc);
3598
buf_printf (&out, "%s", ip->IpAddress.String);
3599
if (strlen (ip->IpMask.String))
3601
buf_printf (&out, "/");
3602
buf_printf (&out, "%s", ip->IpMask.String);
3604
buf_printf (&out, " ");
3611
* Show info for a single adapter
3614
show_adapter (int msglev, const IP_ADAPTER_INFO *a, struct gc_arena *gc)
3616
msg (msglev, "%s", a->Description);
3617
msg (msglev, " Index = %d", (int)a->Index);
3618
msg (msglev, " GUID = %s", a->AdapterName);
3619
msg (msglev, " IP = %s", format_ip_addr_string (&a->IpAddressList, gc));
3620
msg (msglev, " MAC = %s", format_hex_ex (a->Address, a->AddressLength, 0, 1, ":", gc));
3621
msg (msglev, " GATEWAY = %s", format_ip_addr_string (&a->GatewayList, gc));
3624
msg (msglev, " DHCP SERV = %s", format_ip_addr_string (&a->DhcpServer, gc));
3625
msg (msglev, " DHCP LEASE OBTAINED = %s", time_string (a->LeaseObtained, 0, false, gc));
3626
msg (msglev, " DHCP LEASE EXPIRES = %s", time_string (a->LeaseExpires, 0, false, gc));
3630
msg (msglev, " PRI WINS = %s", format_ip_addr_string (&a->PrimaryWinsServer, gc));
3631
msg (msglev, " SEC WINS = %s", format_ip_addr_string (&a->SecondaryWinsServer, gc));
3635
const IP_PER_ADAPTER_INFO *pai = get_per_adapter_info (a->Index, gc);
3638
msg (msglev, " DNS SERV = %s", format_ip_addr_string (&pai->DnsServerList, gc));
3644
* Show current adapter list
3647
show_adapters (int msglev)
3649
struct gc_arena gc = gc_new ();
3650
const IP_ADAPTER_INFO *ai = get_adapter_info_list (&gc);
3652
msg (msglev, "SYSTEM ADAPTER LIST");
3655
const IP_ADAPTER_INFO *a;
3657
/* find index in the linked list */
3658
for (a = ai; a != NULL; a = a->Next)
3660
show_adapter (msglev, a, &gc);
3667
* Set a particular TAP-Win32 adapter (or all of them if
3668
* adapter_name == NULL) to allow it to be opened from
3669
* a non-admin account. This setting will only persist
3670
* for the lifetime of the device object.
3674
tap_allow_nonadmin_access_handle (const char *device_path, HANDLE hand)
3676
struct security_attributes sa;
3679
if (!init_security_attributes_allow_all (&sa))
3680
msg (M_ERR, "Error: init SA failed");
3682
status = SetKernelObjectSecurity (hand, DACL_SECURITY_INFORMATION, &sa.sd);
3685
msg (M_ERRNO, "Error: SetKernelObjectSecurity failed on %s", device_path);
3689
msg (M_INFO|M_NOPREFIX, "TAP-Win32 device: %s [Non-admin access allowed]", device_path);
3694
tap_allow_nonadmin_access (const char *dev_node)
3696
struct gc_arena gc = gc_new ();
3697
const struct tap_reg *tap_reg = get_tap_reg (&gc);
3698
const struct panel_reg *panel_reg = get_panel_reg (&gc);
3699
const char *device_guid = NULL;
3701
char actual_buffer[256];
3702
char device_path[256];
3704
at_least_one_tap_win32 (tap_reg);
3708
/* Get the device GUID for the device specified with --dev-node. */
3709
device_guid = get_device_guid (dev_node, actual_buffer, sizeof (actual_buffer), tap_reg, panel_reg, &gc);
3712
msg (M_FATAL, "TAP-Win32 adapter '%s' not found", dev_node);
3714
/* Open Windows TAP-Win32 adapter */
3715
openvpn_snprintf (device_path, sizeof(device_path), "%s%s%s",
3723
0, /* was: FILE_SHARE_READ */
3726
FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
3730
if (hand == INVALID_HANDLE_VALUE)
3731
msg (M_ERR, "CreateFile failed on TAP device: %s", device_path);
3733
tap_allow_nonadmin_access_handle (device_path, hand);
3738
int device_number = 0;
3740
/* Try opening all TAP devices */
3743
device_guid = get_unspecified_device_guid (device_number,
3745
sizeof (actual_buffer),
3753
/* Open Windows TAP-Win32 adapter */
3754
openvpn_snprintf (device_path, sizeof(device_path), "%s%s%s",
3762
0, /* was: FILE_SHARE_READ */
3765
FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
3769
if (hand == INVALID_HANDLE_VALUE)
3770
msg (M_WARN, "CreateFile failed on TAP device: %s", device_path);
3773
tap_allow_nonadmin_access_handle (device_path, hand);
3784
* DHCP release/renewal
3787
dhcp_release_by_adapter_index(const DWORD adapter_index)
3789
struct gc_arena gc = gc_new ();
3791
const IP_ADAPTER_INDEX_MAP *inter = get_interface_info (adapter_index, &gc);
3795
DWORD status = IpReleaseAddress ((IP_ADAPTER_INDEX_MAP *)inter);
3796
if (status == NO_ERROR)
3798
msg (D_TUNTAP_INFO, "TAP: DHCP address released");
3802
msg (M_WARN, "NOTE: Release of DHCP-assigned IP address lease on TAP-Win32 adapter failed: %s (code=%u)",
3803
strerror_win32 (status, &gc),
3804
(unsigned int)status);
3812
dhcp_release (const struct tuntap *tt)
3814
if (tt && tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ && tt->adapter_index != ~0)
3815
return dhcp_release_by_adapter_index (tt->adapter_index);
3821
dhcp_renew_by_adapter_index (const DWORD adapter_index)
3823
struct gc_arena gc = gc_new ();
3825
const IP_ADAPTER_INDEX_MAP *inter = get_interface_info (adapter_index, &gc);
3829
DWORD status = IpRenewAddress ((IP_ADAPTER_INDEX_MAP *)inter);
3830
if (status == NO_ERROR)
3832
msg (D_TUNTAP_INFO, "TAP: DHCP address renewal succeeded");
3836
msg (M_WARN, "WARNING: Failed to renew DHCP IP address lease on TAP-Win32 adapter: %s (code=%u)",
3837
strerror_win32 (status, &gc),
3838
(unsigned int)status);
3845
dhcp_renew (const struct tuntap *tt)
3847
if (tt && tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ && tt->adapter_index != ~0)
3848
return dhcp_renew_by_adapter_index (tt->adapter_index);
3858
netsh_command (const struct argv *a, int n)
3861
for (i = 0; i < n; ++i)
3865
netcmd_semaphore_lock ();
3866
argv_msg_prefix (M_INFO, a, "NETSH");
3867
status = openvpn_execve_check (a, NULL, 0, "ERROR: netsh command failed");
3868
netcmd_semaphore_release ();
3873
msg (M_FATAL, "NETSH: command failed");
3877
ipconfig_register_dns (const struct env_set *es)
3881
const char err[] = "ERROR: Windows ipconfig command failed";
3883
msg (D_TUNTAP_INFO, "Start net commands...");
3884
netcmd_semaphore_lock ();
3888
argv_printf (&argv, "%s%sc stop dnscache",
3890
WIN_NET_PATH_SUFFIX);
3891
argv_msg (D_TUNTAP_INFO, &argv);
3892
status = openvpn_execve_check (&argv, es, 0, err);
3895
argv_printf (&argv, "%s%sc start dnscache",
3897
WIN_NET_PATH_SUFFIX);
3898
argv_msg (D_TUNTAP_INFO, &argv);
3899
status = openvpn_execve_check (&argv, es, 0, err);
3902
argv_printf (&argv, "%s%sc /flushdns",
3904
WIN_IPCONFIG_PATH_SUFFIX);
3905
argv_msg (D_TUNTAP_INFO, &argv);
3906
status = openvpn_execve_check (&argv, es, 0, err);
3909
argv_printf (&argv, "%s%sc /registerdns",
3911
WIN_IPCONFIG_PATH_SUFFIX);
3912
argv_msg (D_TUNTAP_INFO, &argv);
3913
status = openvpn_execve_check (&argv, es, 0, err);
3916
netcmd_semaphore_release ();
3917
msg (D_TUNTAP_INFO, "End net commands...");
3921
ip_addr_string_to_array (in_addr_t *dest, int *dest_len, const IP_ADDR_STRING *src)
3926
const unsigned int getaddr_flags = GETADDR_HOST_ORDER;
3927
const char *ip_str = src->IpAddress.String;
3929
bool succeed = false;
3933
if (!ip_str || !strlen (ip_str))
3936
ip = getaddr (getaddr_flags, ip_str, 0, &succeed, NULL);
3947
struct gc_arena gc = gc_new ();
3948
msg (M_INFO, "ip_addr_string_to_array [%d]", *dest_len);
3949
for (i = 0; i < *dest_len; ++i)
3951
msg (M_INFO, "%s", print_in_addr_t (dest[i], 0, &gc));
3959
ip_addr_one_to_one (const in_addr_t *a1, const int a1len, const IP_ADDR_STRING *ias)
3962
int a2len = SIZE(a2);
3965
ip_addr_string_to_array (a2, &a2len, ias);
3966
/*msg (M_INFO, "a1len=%d a2len=%d", a1len, a2len);*/
3970
for (i = 0; i < a1len; ++i)
3979
ip_addr_member_of (const in_addr_t addr, const IP_ADDR_STRING *ias)
3985
ip_addr_string_to_array (aa, &len, ias);
3986
for (i = 0; i < len; ++i)
3995
netsh_ifconfig_options (const char *type,
3996
const in_addr_t *addr_list,
3998
const IP_ADDR_STRING *current,
3999
const char *flex_name,
4000
const bool test_first)
4002
struct gc_arena gc = gc_new ();
4003
struct argv argv = argv_new ();
4004
bool delete_first = false;
4006
/* first check if we should delete existing DNS/WINS settings from TAP interface */
4009
if (!ip_addr_one_to_one (addr_list, addr_len, current))
4010
delete_first = true;
4013
delete_first = true;
4015
/* delete existing DNS/WINS settings from TAP interface */
4018
argv_printf (&argv, "%s%sc interface ip delete %s %s all",
4023
netsh_command (&argv, 2);
4026
/* add new DNS/WINS settings to TAP interface */
4030
for (i = 0; i < addr_len; ++i)
4032
if (delete_first || !test_first || !ip_addr_member_of (addr_list[i], current))
4034
const char *fmt = count ?
4035
"%s%sc interface ip add %s %s %s"
4036
: "%s%sc interface ip set %s %s static %s";
4038
argv_printf (&argv, fmt,
4043
print_in_addr_t (addr_list[i], 0, &gc));
4044
netsh_command (&argv, 2);
4050
msg (M_INFO, "NETSH: \"%s\" %s %s [already set]",
4053
print_in_addr_t (addr_list[i], 0, &gc));
4063
init_ip_addr_string2 (IP_ADDR_STRING *dest, const IP_ADDR_STRING *src1, const IP_ADDR_STRING *src2)
4070
dest[0].Next = NULL;
4075
dest[0].Next = &dest[1];
4076
dest[1].Next = NULL;
4081
netsh_ifconfig (const struct tuntap_options *to,
4082
const char *flex_name,
4084
const in_addr_t netmask,
4085
const unsigned int flags)
4087
struct gc_arena gc = gc_new ();
4088
struct argv argv = argv_new ();
4089
const IP_ADAPTER_INFO *ai = NULL;
4090
const IP_PER_ADAPTER_INFO *pai = NULL;
4092
if (flags & NI_TEST_FIRST)
4094
const IP_ADAPTER_INFO *list = get_adapter_info_list (&gc);
4095
const int index = get_adapter_index_flexible (flex_name);
4096
ai = get_adapter (list, index);
4097
pai = get_per_adapter_info (index, &gc);
4100
if (flags & NI_IP_NETMASK)
4102
if (test_adapter_ip_netmask (ai, ip, netmask))
4104
msg (M_INFO, "NETSH: \"%s\" %s/%s [already set]",
4106
print_in_addr_t (ip, 0, &gc),
4107
print_in_addr_t (netmask, 0, &gc));
4111
/* example: netsh interface ip set address my-tap static 10.3.0.1 255.255.255.0 */
4112
argv_printf (&argv, "%s%sc interface ip set address %s static %s %s",
4116
print_in_addr_t (ip, 0, &gc),
4117
print_in_addr_t (netmask, 0, &gc));
4119
netsh_command (&argv, 4);
4123
/* set WINS/DNS options */
4124
if (flags & NI_OPTIONS)
4126
IP_ADDR_STRING wins[2];
4130
netsh_ifconfig_options ("dns",
4133
pai ? &pai->DnsServerList : NULL,
4135
BOOL_CAST (flags & NI_TEST_FIRST));
4136
if (ai && ai->HaveWins)
4137
init_ip_addr_string2 (wins, &ai->PrimaryWinsServer, &ai->SecondaryWinsServer);
4139
netsh_ifconfig_options ("wins",
4144
BOOL_CAST (flags & NI_TEST_FIRST));
4152
netsh_enable_dhcp (const struct tuntap_options *to,
4153
const char *actual_name)
4158
/* example: netsh interface ip set address my-tap dhcp */
4160
"%s%sc interface ip set address %s dhcp",
4165
netsh_command (&argv, 4);
4171
* Return a TAP name for netsh commands.
4174
netsh_get_id (const char *dev_node, struct gc_arena *gc)
4176
const struct tap_reg *tap_reg = get_tap_reg (gc);
4177
const struct panel_reg *panel_reg = get_panel_reg (gc);
4178
struct buffer actual = alloc_buf_gc (256, gc);
4181
at_least_one_tap_win32 (tap_reg);
4185
guid = get_device_guid (dev_node, BPTR (&actual), BCAP (&actual), tap_reg, panel_reg, gc);
4189
guid = get_unspecified_device_guid (0, BPTR (&actual), BCAP (&actual), tap_reg, panel_reg, gc);
4191
if (get_unspecified_device_guid (1, NULL, 0, tap_reg, panel_reg, gc)) /* ambiguous if more than one TAP-Win32 adapter */
4196
return "NULL"; /* not found */
4197
else if (strcmp (BPTR (&actual), "NULL"))
4198
return BPTR (&actual); /* control panel name */
4200
return guid; /* no control panel name, return GUID instead */
4204
* Called iteratively on TAP-Win32 wait-for-initialization polling loop
4207
tun_standby_init (struct tuntap *tt)
4209
tt->standby_iter = 0;
4213
tun_standby (struct tuntap *tt)
4217
if (tt->options.ip_win32_type == IPW32_SET_ADAPTIVE)
4219
if (tt->standby_iter == IPW32_SET_ADAPTIVE_TRY_NETSH)
4221
msg (M_INFO, "NOTE: now trying netsh (this may take some time)");
4222
netsh_ifconfig (&tt->options,
4225
tt->adapter_netmask,
4226
NI_TEST_FIRST|NI_IP_NETMASK|NI_OPTIONS);
4228
else if (tt->standby_iter >= IPW32_SET_ADAPTIVE_TRY_NETSH*2)
4237
* Convert DHCP options from the command line / config file
4238
* into a raw DHCP-format options string.
4242
write_dhcp_u8 (struct buffer *buf, const int type, const int data, bool *error)
4244
if (!buf_safe (buf, 3))
4247
msg (M_WARN, "write_dhcp_u8: buffer overflow building DHCP options");
4250
buf_write_u8 (buf, type);
4251
buf_write_u8 (buf, 1);
4252
buf_write_u8 (buf, data);
4256
write_dhcp_u32_array (struct buffer *buf, const int type, const uint32_t *data, const unsigned int len, bool *error)
4261
const int size = len * sizeof (uint32_t);
4263
if (!buf_safe (buf, 2 + size))
4266
msg (M_WARN, "write_dhcp_u32_array: buffer overflow building DHCP options");
4269
if (size < 1 || size > 255)
4272
msg (M_WARN, "write_dhcp_u32_array: size (%d) must be > 0 and <= 255", size);
4275
buf_write_u8 (buf, type);
4276
buf_write_u8 (buf, size);
4277
for (i = 0; i < len; ++i)
4278
buf_write_u32 (buf, data[i]);
4283
write_dhcp_str (struct buffer *buf, const int type, const char *str, bool *error)
4285
const int len = strlen (str);
4286
if (!buf_safe (buf, 2 + len))
4289
msg (M_WARN, "write_dhcp_str: buffer overflow building DHCP options");
4292
if (len < 1 || len > 255)
4295
msg (M_WARN, "write_dhcp_str: string '%s' must be > 0 bytes and <= 255 bytes", str);
4298
buf_write_u8 (buf, type);
4299
buf_write_u8 (buf, len);
4300
buf_write (buf, str, len);
4304
build_dhcp_options_string (struct buffer *buf, const struct tuntap_options *o)
4308
write_dhcp_str (buf, 15, o->domain, &error);
4310
if (o->netbios_scope)
4311
write_dhcp_str (buf, 47, o->netbios_scope, &error);
4313
if (o->netbios_node_type)
4314
write_dhcp_u8 (buf, 46, o->netbios_node_type, &error);
4316
write_dhcp_u32_array (buf, 6, (uint32_t*)o->dns, o->dns_len, &error);
4317
write_dhcp_u32_array (buf, 44, (uint32_t*)o->wins, o->wins_len, &error);
4318
write_dhcp_u32_array (buf, 42, (uint32_t*)o->ntp, o->ntp_len, &error);
4319
write_dhcp_u32_array (buf, 45, (uint32_t*)o->nbdd, o->nbdd_len, &error);
4321
/* the MS DHCP server option 'Disable Netbios-over-TCP/IP
4322
is implemented as vendor option 001, value 002.
4323
A value of 001 means 'leave NBT alone' which is the default */
4326
if (!buf_safe (buf, 8))
4328
msg (M_WARN, "build_dhcp_options_string: buffer overflow building DHCP options");
4331
buf_write_u8 (buf, 43);
4332
buf_write_u8 (buf, 6); /* total length field */
4333
buf_write_u8 (buf, 0x001);
4334
buf_write_u8 (buf, 4); /* length of the vendor specified field */
4335
buf_write_u32 (buf, 0x002);
4341
fork_dhcp_action (struct tuntap *tt)
4343
if (tt->options.dhcp_pre_release || tt->options.dhcp_renew)
4345
struct gc_arena gc = gc_new ();
4346
struct buffer cmd = alloc_buf_gc (256, &gc);
4348
const int pre_sleep = 1;
4350
buf_printf (&cmd, "openvpn --verb %d --tap-sleep %d", verb, pre_sleep);
4351
if (tt->options.dhcp_pre_release)
4352
buf_printf (&cmd, " --dhcp-pre-release");
4353
if (tt->options.dhcp_renew)
4354
buf_printf (&cmd, " --dhcp-renew");
4355
buf_printf (&cmd, " --dhcp-internal %u", (unsigned int)tt->adapter_index);
4357
fork_to_self (BSTR (&cmd));
4363
fork_register_dns_action (struct tuntap *tt)
4365
if (tt && tt->options.register_dns)
4367
struct gc_arena gc = gc_new ();
4368
struct buffer cmd = alloc_buf_gc (256, &gc);
4371
buf_printf (&cmd, "openvpn --verb %d --register-dns --rdns-internal", verb);
4372
fork_to_self (BSTR (&cmd));
4378
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
4380
struct gc_arena gc = gc_new ();
4381
char device_path[256];
4382
const char *device_guid = NULL;
4384
bool dhcp_masq = false;
4385
bool dhcp_masq_post = false;
4387
/*netcmd_semaphore_lock ();*/
4389
msg( M_INFO, "open_tun, tt->ipv6=%d", tt->ipv6 );
4391
if (tt->type == DEV_TYPE_NULL)
4397
else if (tt->type == DEV_TYPE_TAP || tt->type == DEV_TYPE_TUN)
4403
msg (M_FATAL|M_NOPREFIX, "Unknown virtual device type: '%s'", dev);
4407
* Lookup the device name in the registry, using the --dev-node high level name.
4410
const struct tap_reg *tap_reg = get_tap_reg (&gc);
4411
const struct panel_reg *panel_reg = get_panel_reg (&gc);
4412
char actual_buffer[256];
4414
at_least_one_tap_win32 (tap_reg);
4418
/* Get the device GUID for the device specified with --dev-node. */
4419
device_guid = get_device_guid (dev_node, actual_buffer, sizeof (actual_buffer), tap_reg, panel_reg, &gc);
4422
msg (M_FATAL, "TAP-Win32 adapter '%s' not found", dev_node);
4424
/* Open Windows TAP-Win32 adapter */
4425
openvpn_snprintf (device_path, sizeof(device_path), "%s%s%s",
4430
tt->hand = CreateFile (
4432
GENERIC_READ | GENERIC_WRITE,
4433
0, /* was: FILE_SHARE_READ */
4436
FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
4440
if (tt->hand == INVALID_HANDLE_VALUE)
4441
msg (M_ERR, "CreateFile failed on TAP device: %s", device_path);
4445
int device_number = 0;
4447
/* Try opening all TAP devices until we find one available */
4450
device_guid = get_unspecified_device_guid (device_number,
4452
sizeof (actual_buffer),
4458
msg (M_FATAL, "All TAP-Win32 adapters on this system are currently in use.");
4460
/* Open Windows TAP-Win32 adapter */
4461
openvpn_snprintf (device_path, sizeof(device_path), "%s%s%s",
4466
tt->hand = CreateFile (
4468
GENERIC_READ | GENERIC_WRITE,
4469
0, /* was: FILE_SHARE_READ */
4472
FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
4476
if (tt->hand == INVALID_HANDLE_VALUE)
4477
msg (D_TUNTAP_INFO, "CreateFile failed on TAP device: %s", device_path);
4485
/* translate high-level device name into a device instance
4486
GUID using the registry */
4487
tt->actual_name = string_alloc (actual_buffer, NULL);
4490
msg (M_INFO, "TAP-WIN32 device [%s] opened: %s", tt->actual_name, device_path);
4491
tt->adapter_index = get_adapter_index (device_guid);
4493
/* get driver version info */
4497
if (DeviceIoControl (tt->hand, TAP_IOCTL_GET_VERSION,
4498
&info, sizeof (info),
4499
&info, sizeof (info), &len, NULL))
4501
msg (D_TUNTAP_INFO, "TAP-Win32 Driver Version %d.%d %s",
4504
(info[2] ? "(DEBUG)" : ""));
4507
if (!(info[0] == TAP_WIN32_MIN_MAJOR && info[1] >= TAP_WIN32_MIN_MINOR))
4508
msg (M_FATAL, "ERROR: This version of " PACKAGE_NAME " requires a TAP-Win32 driver that is at least version %d.%d -- If you recently upgraded your " PACKAGE_NAME " distribution, a reboot is probably required at this point to get Windows to see the new driver.",
4509
TAP_WIN32_MIN_MAJOR,
4510
TAP_WIN32_MIN_MINOR);
4512
/* usage of numeric constants is ugly, but this is really tied to
4513
* *this* version of the driver
4515
if ( tt->ipv6 && tt->type == DEV_TYPE_TUN &&
4516
info[0] == 9 && info[1] < 8)
4518
msg( M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not support IPv6 in TUN mode. IPv6 will be disabled. Upgrade to Tap-Win32 9.8 (2.2-beta3 release or later) or use TAP mode to get IPv6", (int) info[0], (int) info[1] );
4523
/* get driver MTU */
4526
if (DeviceIoControl (tt->hand, TAP_IOCTL_GET_MTU,
4528
&mtu, sizeof (mtu), &len, NULL))
4530
tt->post_open_mtu = (int) mtu;
4531
msg (D_MTU_INFO, "TAP-Win32 MTU=%d", (int) mtu);
4536
* Preliminaries for setting TAP-Win32 adapter TCP/IP
4537
* properties via --ip-win32 dynamic or --ip-win32 adaptive.
4539
if (tt->did_ifconfig_setup)
4541
if (tt->options.ip_win32_type == IPW32_SET_DHCP_MASQ)
4544
* If adapter is set to non-DHCP, set to DHCP mode.
4546
if (dhcp_status (tt->adapter_index) == DHCP_STATUS_DISABLED)
4547
netsh_enable_dhcp (&tt->options, tt->actual_name);
4549
dhcp_masq_post = true;
4551
else if (tt->options.ip_win32_type == IPW32_SET_ADAPTIVE)
4554
* If adapter is set to non-DHCP, use netsh right away.
4556
if (dhcp_status (tt->adapter_index) != DHCP_STATUS_ENABLED)
4558
netsh_ifconfig (&tt->options,
4561
tt->adapter_netmask,
4562
NI_TEST_FIRST|NI_IP_NETMASK|NI_OPTIONS);
4571
/* set point-to-point mode if TUN device */
4573
if (tt->type == DEV_TYPE_TUN)
4575
if (!tt->did_ifconfig_setup)
4577
msg (M_FATAL, "ERROR: --dev tun also requires --ifconfig");
4580
if (tt->topology == TOP_SUBNET)
4585
ep[0] = htonl (tt->local);
4586
ep[1] = htonl (tt->local & tt->remote_netmask);
4587
ep[2] = htonl (tt->remote_netmask);
4589
status = DeviceIoControl (tt->hand, TAP_IOCTL_CONFIG_TUN,
4591
ep, sizeof (ep), &len, NULL);
4593
msg (status ? M_INFO : M_FATAL, "Set TAP-Win32 TUN subnet mode network/local/netmask = %s/%s/%s [%s]",
4594
print_in_addr_t (ep[1], IA_NET_ORDER, &gc),
4595
print_in_addr_t (ep[0], IA_NET_ORDER, &gc),
4596
print_in_addr_t (ep[2], IA_NET_ORDER, &gc),
4597
status ? "SUCCEEDED" : "FAILED");
4602
ep[0] = htonl (tt->local);
4603
ep[1] = htonl (tt->remote_netmask);
4605
if (!DeviceIoControl (tt->hand, TAP_IOCTL_CONFIG_POINT_TO_POINT,
4607
ep, sizeof (ep), &len, NULL))
4608
msg (M_FATAL, "ERROR: The TAP-Win32 driver rejected a DeviceIoControl call to set Point-to-Point mode, which is required for --dev tun");
4612
/* should we tell the TAP-Win32 driver to masquerade as a DHCP server as a means
4613
of setting the adapter address? */
4618
/* We will answer DHCP requests with a reply to set IP/subnet to these values */
4619
ep[0] = htonl (tt->local);
4620
ep[1] = htonl (tt->adapter_netmask);
4622
/* At what IP address should the DHCP server masquerade at? */
4623
if (tt->type == DEV_TYPE_TUN)
4625
if (tt->topology == TOP_SUBNET)
4627
const in_addr_t netmask_inv = ~tt->remote_netmask;
4628
ep[2] = netmask_inv ? htonl ((tt->local | netmask_inv) - 1) : 0;
4631
ep[2] = htonl (tt->remote_netmask);
4633
if (tt->options.dhcp_masq_custom_offset)
4634
msg (M_WARN, "WARNING: because you are using '--dev tun' mode, the '--ip-win32 dynamic [offset]' option is ignoring the offset parameter");
4638
in_addr_t dsa; /* DHCP server addr */
4640
ASSERT (tt->type == DEV_TYPE_TAP);
4642
if (tt->options.dhcp_masq_offset < 0)
4643
dsa = (tt->local | (~tt->adapter_netmask)) + tt->options.dhcp_masq_offset;
4645
dsa = (tt->local & tt->adapter_netmask) + tt->options.dhcp_masq_offset;
4647
if (dsa == tt->local)
4648
msg (M_FATAL, "ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to %s -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server", print_in_addr_t (dsa, 0, &gc));
4650
if ((tt->local & tt->adapter_netmask) != (dsa & tt->adapter_netmask))
4651
msg (M_FATAL, "ERROR: --tap-win32 dynamic [offset] : offset is outside of --ifconfig subnet");
4653
ep[2] = htonl (dsa);
4656
/* lease time in seconds */
4657
ep[3] = (uint32_t) tt->options.dhcp_lease_time;
4661
#ifndef SIMULATE_DHCP_FAILED /* this code is disabled to simulate bad DHCP negotiation */
4662
if (!DeviceIoControl (tt->hand, TAP_IOCTL_CONFIG_DHCP_MASQ,
4664
ep, sizeof (ep), &len, NULL))
4665
msg (M_FATAL, "ERROR: The TAP-Win32 driver rejected a DeviceIoControl call to set TAP_IOCTL_CONFIG_DHCP_MASQ mode");
4667
msg (M_INFO, "Notified TAP-Win32 driver to set a DHCP IP/netmask of %s/%s on interface %s [DHCP-serv: %s, lease-time: %d]",
4668
print_in_addr_t (tt->local, 0, &gc),
4669
print_in_addr_t (tt->adapter_netmask, 0, &gc),
4671
print_in_addr_t (ep[2], IA_NET_ORDER, &gc),
4675
/* user-supplied DHCP options capability */
4676
if (tt->options.dhcp_options)
4678
struct buffer buf = alloc_buf (256);
4679
if (build_dhcp_options_string (&buf, &tt->options))
4681
msg (D_DHCP_OPT, "DHCP option string: %s", format_hex (BPTR (&buf), BLEN (&buf), 0, &gc));
4682
if (!DeviceIoControl (tt->hand, TAP_IOCTL_CONFIG_DHCP_SET_OPT,
4683
BPTR (&buf), BLEN (&buf),
4684
BPTR (&buf), BLEN (&buf), &len, NULL))
4685
msg (M_FATAL, "ERROR: The TAP-Win32 driver rejected a TAP_IOCTL_CONFIG_DHCP_SET_OPT DeviceIoControl call");
4688
msg (M_WARN, "DHCP option string not set due to error");
4694
/* set driver media status to 'connected' */
4696
ULONG status = TRUE;
4697
if (!DeviceIoControl (tt->hand, TAP_IOCTL_SET_MEDIA_STATUS,
4698
&status, sizeof (status),
4699
&status, sizeof (status), &len, NULL))
4700
msg (M_WARN, "WARNING: The TAP-Win32 driver rejected a TAP_IOCTL_SET_MEDIA_STATUS DeviceIoControl call.");
4703
/* possible wait for adapter to come up */
4705
int s = tt->options.tap_sleep;
4708
msg (M_INFO, "Sleeping for %d seconds...", s);
4713
/* possibly use IP Helper API to set IP address on adapter */
4715
const DWORD index = tt->adapter_index;
4717
/* flush arp cache */
4718
if (index != (DWORD)~0)
4722
if ((status = FlushIpNetTable (index)) == NO_ERROR)
4723
msg (M_INFO, "Successful ARP Flush on interface [%u] %s",
4724
(unsigned int)index,
4727
msg (D_TUNTAP_INFO, "NOTE: FlushIpNetTable failed on interface [%u] %s (status=%u) : %s",
4728
(unsigned int)index,
4730
(unsigned int)status,
4731
strerror_win32 (status, &gc));
4735
* If the TAP-Win32 driver is masquerading as a DHCP server
4736
* make sure the TCP/IP properties for the adapter are
4741
/* check dhcp enable status */
4742
if (dhcp_status (index) == DHCP_STATUS_DISABLED)
4743
msg (M_WARN, "WARNING: You have selected '--ip-win32 dynamic', which will not work unless the TAP-Win32 TCP/IP properties are set to 'Obtain an IP address automatically'");
4745
/* force an explicit DHCP lease renewal on TAP adapter? */
4746
if (tt->options.dhcp_pre_release)
4748
if (tt->options.dhcp_renew)
4752
fork_dhcp_action (tt);
4754
if (tt->did_ifconfig_setup && tt->options.ip_win32_type == IPW32_SET_IPAPI)
4757
const char *error_suffix = "I am having trouble using the Windows 'IP helper API' to automatically set the IP address -- consider using other --ip-win32 methods (not 'ipapi')";
4759
/* couldn't get adapter index */
4760
if (index == (DWORD)~0)
4762
msg (M_FATAL, "ERROR: unable to get adapter index for interface %s -- %s",
4767
/* check dhcp enable status */
4768
if (dhcp_status (index) == DHCP_STATUS_DISABLED)
4769
msg (M_WARN, "NOTE: You have selected (explicitly or by default) '--ip-win32 ipapi', which has a better chance of working correctly if the TAP-Win32 TCP/IP properties are set to 'Obtain an IP address automatically'");
4771
/* delete previously added IP addresses which were not
4772
correctly deleted */
4773
delete_temp_addresses (index);
4775
/* add a new IP address */
4776
if ((status = AddIPAddress (htonl(tt->local),
4777
htonl(tt->adapter_netmask),
4780
&tt->ipapi_instance)) == NO_ERROR)
4781
msg (M_INFO, "Succeeded in adding a temporary IP/netmask of %s/%s to interface %s using the Win32 IP Helper API",
4782
print_in_addr_t (tt->local, 0, &gc),
4783
print_in_addr_t (tt->adapter_netmask, 0, &gc),
4787
msg (M_FATAL, "ERROR: AddIPAddress %s/%s failed on interface %s, index=%d, status=%u (windows error: '%s') -- %s",
4788
print_in_addr_t (tt->local, 0, &gc),
4789
print_in_addr_t (tt->adapter_netmask, 0, &gc),
4792
(unsigned int)status,
4793
strerror_win32 (status, &gc),
4795
tt->ipapi_context_defined = true;
4798
/*netcmd_semaphore_release ();*/
4803
tap_win32_getinfo (const struct tuntap *tt, struct gc_arena *gc)
4805
if (tt && tt->hand != NULL)
4807
struct buffer out = alloc_buf_gc (256, gc);
4809
if (DeviceIoControl (tt->hand, TAP_IOCTL_GET_INFO,
4810
BSTR (&out), BCAP (&out),
4811
BSTR (&out), BCAP (&out),
4821
tun_show_debug (struct tuntap *tt)
4823
if (tt && tt->hand != NULL)
4825
struct buffer out = alloc_buf (1024);
4827
while (DeviceIoControl (tt->hand, TAP_IOCTL_GET_LOG_LINE,
4828
BSTR (&out), BCAP (&out),
4829
BSTR (&out), BCAP (&out),
4832
msg (D_TAP_WIN32_DEBUG, "TAP-Win32: %s", BSTR (&out));
4839
close_tun (struct tuntap *tt)
4841
struct gc_arena gc = gc_new ();
4845
if ( tt->ipv6 && tt->did_ifconfig_ipv6_setup )
4847
/* netsh interface ipv6 delete address \"%s\" %s */
4848
const char * ifconfig_ipv6_local = print_in6_addr (tt->local_ipv6, 0, &gc);
4849
msg( M_WARN, "TODO: remove IPv6 address %s", ifconfig_ipv6_local );
4852
if (tt->ipapi_context_defined)
4855
if ((status = DeleteIPAddress (tt->ipapi_context)) != NO_ERROR)
4857
msg (M_WARN, "Warning: DeleteIPAddress[%u] failed on TAP-Win32 adapter, status=%u : %s",
4858
(unsigned int)tt->ipapi_context,
4859
(unsigned int)status,
4860
strerror_win32 (status, &gc));
4865
if (tt->options.dhcp_release)
4868
if (tt->hand != NULL)
4870
dmsg (D_WIN32_IO_LOW, "Attempting CancelIO on TAP-Win32 adapter");
4871
if (!CancelIo (tt->hand))
4872
msg (M_WARN | M_ERRNO, "Warning: CancelIO failed on TAP-Win32 adapter");
4875
dmsg (D_WIN32_IO_LOW, "Attempting close of overlapped read event on TAP-Win32 adapter");
4876
overlapped_io_close (&tt->reads);
4878
dmsg (D_WIN32_IO_LOW, "Attempting close of overlapped write event on TAP-Win32 adapter");
4879
overlapped_io_close (&tt->writes);
4881
if (tt->hand != NULL)
4883
dmsg (D_WIN32_IO_LOW, "Attempting CloseHandle on TAP-Win32 adapter");
4884
if (!CloseHandle (tt->hand))
4885
msg (M_WARN | M_ERRNO, "Warning: CloseHandle failed on TAP-Win32 adapter");
4888
if (tt->actual_name)
4889
free (tt->actual_name);
4898
* Convert --ip-win32 constants between index and ascii form.
4901
struct ipset_names {
4902
const char *short_form;
4905
/* Indexed by IPW32_SET_x */
4906
static const struct ipset_names ipset_names[] = {
4915
ascii2ipset (const char* name)
4918
ASSERT (IPW32_SET_N == SIZE (ipset_names));
4919
for (i = 0; i < IPW32_SET_N; ++i)
4920
if (!strcmp (name, ipset_names[i].short_form))
4926
ipset2ascii (int index)
4928
ASSERT (IPW32_SET_N == SIZE (ipset_names));
4929
if (index < 0 || index >= IPW32_SET_N)
4930
return "[unknown --ip-win32 type]";
4932
return ipset_names[index].short_form;
4936
ipset2ascii_all (struct gc_arena *gc)
4938
struct buffer out = alloc_buf_gc (256, gc);
4941
ASSERT (IPW32_SET_N == SIZE (ipset_names));
4942
for (i = 0; i < IPW32_SET_N; ++i)
4945
buf_printf(&out, " ");
4946
buf_printf(&out, "[%s]", ipset2ascii(i));
4954
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
4956
open_tun_generic (dev, dev_type, dev_node, false, true, tt);
4960
close_tun (struct tuntap* tt)
4964
close_tun_generic (tt);
4970
write_tun (struct tuntap* tt, uint8_t *buf, int len)
4972
return write (tt->fd, buf, len);
4976
read_tun (struct tuntap* tt, uint8_t *buf, int len)
4978
return read (tt->fd, buf, len);